UK hospitals shut down IT-systems, cancel operations, after virus infection

1 November 2016
The three affected hospitals are the Diana Princess of Wales in Grimsby, Scunthorpe general and Goole and District., The Guardian writes. Officials stated around 1,000 patients would be affected at hospitals run by the North Lincolnshire and Goole trust after a major incident was declared due to the virus, first identified on Sunday.T he majority of the trust’s network on Monday were shut down and specialists are now working to fix the problem. Officials said patient safety had not been compromised, with doctors resorting to pen and paper and serious emergency cases being redirected to neighbouring hospitals.

According to Dr Karen Dunderdale, the trust’s deputy chief executive, a virus infected all major electronic systems. Therefor the decision was taken, following expert advice, to shut down the majority of systems so the virus can be isolated and destroyed.  “Planned operations, outpatient appointments and diagnostic procedures have been cancelled for today and tomorrow.”

It is not yet clear how the virus got into the hospitals’ systems, but officials are hopeful they will be back to full operating capacity by Wednesday. The situation is being reviewed on an hourly basis. Dunderdale continues: “Our clinicians will continue to see, treat and operate on those patients who would be at significant clinical risk should their treatment be delayed. Further updates will be posted on the trust website and social media channels.We would like to apologise to all patients who are affected.

Awareness of cyber risks

Awareness concerning cybersecurity risks has yet to translate into sufficient measures preventing cyber attacks from having succes, Deloitte stated earlier this year. According to the report Cyber security of networkconnected medical devices in (EMEA) Hospitals 2016’, hospitals are increasingly aware of the importance of good cybersecurity in their medical devices. But improvements are still needed at an operational level. The Deloitte survey was conducted among 24 hospitals in nine countries in EMEA. It found that over half the hospitals surveyed used standard passwords (i.e. factory settings) to secure their equipment.

Organizations in healthcare really need to start worrying about the vulnerability and security of their IT systems, their patient and other data and their connected medical equipment. Earlier in September Intel security released a report stating ransomware is beginning to have a real impact on the health sector. Later that month security supplier Gemalto reports in its Data breach Index the health sector sufferd over a quarter of al reported data breaches worldwide. And this percentage is growing.

Growing worries about potential hacks

86 percent of executives in verticals such as healthcare, government and financial services, worry about potential hacks. Half of them believe they will experience more security breaches through mobile devices, while 44 percent fear security will prevent employees from being productive, BlackBerry said in a survey published last August.

The survey reveals that 73 percent of organizations have a mobile security strategy in place, but only three percent say they have implemented the highest levels of security possible. This is in part because of user attitudes – 82 percent of the executives admit mobile security precautions cause at least some frustration among employees, and potentially hinder productivity. Overall, 44 percent fear that too much mobile security will prevent employees from doing their job.

According to security company TrapX, the health care sector has become one of the most threatened industries when it comes to malware, cyberattacks et cetera.  It is under attack more these days than are industries such as financials and retailing. A good example of this threat is a new version of Conficker that is specifically targeting connected medical equipment. The threat is serious, because a lot of connected equipment in for example hospitals have low levels of security, TrapX states in a press release concerning the report Anatomy of an Attack – Medical Device Hijack 2” (MEDJACK 2).