Cyber-ransom: Frontline of online fraud posing risk to NHS patients’ lives

© Kacper Pempel
Cyber-blackmailers are increasingly targeting the National Health Service’s IT systems, which hold the data of millions of patients, in an attempt to extort ransoms from hospitals across Britain, it has been revealed.

At least 28 NHS trusts in England have been hit by “ransomware” attacks in the past year, many originating from Eastern Europe, according to Freedom of Information figures obtained by iNews.

Four of those incidents were considered serious enough to be reported as a potential breach of data protection or confidentiality laws.

Ransomware works by implanting a piece of malicious software, often disguised as an email, which locks the user out of the computer’s systems or files. The hackers then demand that a ransom be paid in BitCoin, which can be the equivalent of thousands of pounds.

Last week, the rise of ransomware was highlighted by Europol, which said organized crime groups are deploying an increasingly sophisticated arsenal of viruses.

NHS Digital, a body that oversees cyber-security for the NHS, said that, while attacks have been on the rise, no ransom has been paid and no data lost, adding that patient records have not been affected. It also noted that the NHS was just one of many public authorities being targeted.

Ollie Whitehouse, technical director of NCC Group, the internet security company that obtained the data, told the newspaper: “Ransomware has become the bottom line of cyber-crime – if hackers break into a system and can’t find any other way to monetize what they find, they encrypt the data and demand a ransom.

“We have seen a 400 percent increase in these attacks.

“The health service is by no means alone in facing this kind of attack.

“But NHS trusts are being increasingly targeted and any loss of patient data would be a nightmare scenario. Like everyone else, they need to be applying robust controls.”

Security experts say the health sector is seen by cyber-criminals as a particularly lucrative target, as health records are worth up to ten times more than other data, such as banking details.

British universities and local authorities are reportedly also among public sector bodies subjected to ransomware attacks.