NHS Lanarkshire in Scotland was on Friday hit by a new ransomware variant which the hospital’s security systems weren’t able to detect.
Following the ransomware attack, NHS Lanarkshire cancelled some operations and asked patients not to visit hospitals except in cases of emergency.
“We have detected some incidences of malware. We took immediate action to prevent this spreading while we carried out further investigations,” said Calum Campbell, Chief Executive at NHS Lanarkshire.
“We are now putting in place a solution from our IT security provider. While the issue is being resolved our staff have been working hard to minimise the impact on patients and we apologise to anyone who has been affected,” he added.
In a reply to some concerned citizens on Facebook, NHS Lanarkshire said that the ransomware attack was successful because even though their security software was up to date, ‘nothing offers 100% protection’.
The Scotland hospital was also affected during the WannaCry ransomware outbreak which had also paralysed operations at many NHS Trusts across the UK. After WannaCry was thwarted, many hospitals had put in place new security solutions to prevent future ransomware attacks. However, NHS Lanarkshire couldn’t prevent the attack from taking place this time as it was a new variant, said a spokesman for the hospital.
“The fact that hospital IT staff were able to get their systems up and running over the weekend without caving and paying the exorbitant ransom is encouraging and appears to show that they have taken steps to guard against these major outbreaks,” said Matt Lock, Director of Sales Engineering at Varonis.
He added that even though it has been contained, the attack ‘demonstrates the impact of such breaches on the data and systems of a critical sector’ and that healthcare organisations must remain on guard, considering the sheer volume of sensitive data they need to protect from malicious hackers.