England’s largest NHS trust hospital has fallen victim to a cyber-attack that could compromise thousands of patient files across at least four hospitals. Barts health trust runs five London hospitals, including Mile End, the Royal London, St Bartholomew’s, Whipps Cross, and Newham. The trust alerted staff, instructing them to not open attachments from unknown senders.
A Barts spokesman said:
“We are urgently investigating this matter and have taken a number of drives offline as a precautionary measure. We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected.”
Early reports indicated that the trust fell victim to ransomware, which often trick the reader of an email into opening an attachment that releases malware. However, the Barts spokeswoman denied that the attack was of this nature. The Barts spokeswoman declined to specify how much of their system had been affected said the trust believes that the system affected was housing corporate data. They said that the filing system between departments was to be turned off during the investigation.
The Royal Free London foundation trust also warned employees to be cautious of such an attack. The trust’s IT director, Tosh Mondal, said:
“We have been informed of a major cyber-attack on NHS organisations. Please exercise extreme caution when opening any email attachments from unknown source or that don’t seem relevant to you. We will be carrying out security scans on all computers within the trust so please leave them switched on until further notice.”
A spokesman from Royal Free London said that the email was in response to the Barts attack, and that their trust had not been affected.
NHS digital acknowledged that Barts had been attacked by a “virus which has affected their IT systems”.
An NHS spokesperson said:
“This issue highlights the fact that there are threats to data security within the health and care sector, as with any other sector. We remain committed to supporting the protection of data with the highest possible security standards, high levels of security expertise from the center and appropriate training and awareness of the risks for all staff.”
The spokesperson did not answer questions pertaining to whether other NHS trusts had been affected, how much data had been affected, or who could have been behind the attack.