Three more hospitals in the UK were infected with ransomware and this time it had a direct effect on customers. 2800 appointments were cancelled while cyber criminals attempted to hold their systems for bitcoin.
Reports of hospitals becoming infected with ransomware are becoming a weekly occurrence. Unfortunately hospitals all around the world are being targeted heavily by ransomware authors as they’re a juicy target that often can’t afford to shut down and not pay the ransom. Fortunately for the hospitals in the Northern Lincolnshire and Goole NHS Foundation Trust they did not have to pay the ransom after experiencing an infection.
The infection was first reported and was believed to be a malware infection that spread via USB. However, we now know that it was a ransomware infection that encrypted the systems which were then shut down by IT to clean them. The hospitals are reporting that a majority of their systems were brought back online within 48 hours, however they were forced to cancel approximately 2800 customer appointments. They were unable to serve customers without systems online which forced them to cancel. Fortunately for all patients no data was stolen during the breach.
While it has been reported that the Globe2 ransomware was the malicious family behind this attack, we don’t know how the hospital was able to restore encrypted data. They may have used backups or one of the publicly available decryptors for Globe2 to restore their files and get systems running normally again.