Globe2 ransomware blamed for Lincolnshire NHS trust cyber attack

clock • 2 min read

As suspected, Northern Lincolnshire and Goole NHS Foundation Trust finally admits that ransomware took its systems down in October

The cyber attack on a NHS trust in Lincolnshire that led to operations being cancelled for four days in October has been attributed to a ransomware outbreak.

In a statement circulated today, Northern Lincolnshire and Goole NHS Foundation Trust finally revealed the source of the outbreak, which led the organisation to shut down almost all the organisation's IT systems, and to cancel all operations for several days until the outbreak was contained and dealt with.

"The cyber attack experienced by Northern Lincolnshire and Goole NHS Foundation Trust in October 2016 was a variant of ransomware called Globe2," Pam Clipson, director of strategy and planning at Northern Lincolnshire and Goole NHS Foundation Trust, told Computing.

Clipson then explained how the Trust sought to tackle the outbreak: "Our teams took immediate action upon detection of the attack, minimising its impact. The Trust took the decision to halt routine appointments in order to ensure patient safety while we eradicated the issue.

"Any potentially encrypted servers were checked and cleansed both prior to switching off and before returning to ‘live' status. The majority of our systems were up and running again within 48 hours. A total of just over 2,800 patient appointments were cancelled as a result of the disruption.

"We liaised with an external cyber security company and the police to ensure our response to the incident was as rigorous as possible.

"As the police regional cyber crime unit's investigation is still in progress, it could be prejudicial to publish any further detail about the case, including the exact details of how the perpetrator gained access."

Reports in the press had suggested that the source of the outbreak was an infected USB stick, but Clipson denied this.

"We can confirm that recent publicly reported information alleging that access was gained through a USB stick or due to remote working have no grounding in fact. We can assure our patients and other stakeholders that we acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information at this time on the exact steps we have taken."

Northern Lincolnshire and Goole NHS Foundation Trust wasn't the first organisation in the county to suffer from a ransomware outbreak. In January, Lincolnshire County Council was targeted in an attack that its CIO Judith Hethington Smith claimed could have cost it more than £1m in ransoms, if it hadn't taken its IT systems offline.

The action effectively shut the Council down for almost a week.

You may also like
Operation Cronos: NCA reveals details of LockBit affiliates

Threats and Risks

Operation has been crippled - for now

clock 22 February 2024 • 3 min read
US charges two Russian nationals in LockBit ransomware case amid global crackdown

Law

The indictments coincide with a significant takedown of LockBit in a joint operation by US, UK, and other international law enforcement agencies

clock 21 February 2024 • 3 min read
Law enforcement takes down LockBit - updated

Security

NCA among the groups under 'Operation Cronos'

clock 20 February 2024 • 2 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Law enforcement takes down LockBit - updated

Law enforcement takes down LockBit - updated

NCA among the groups under 'Operation Cronos'

Tom Allen
clock 20 February 2024 • 2 min read
Microsoft's chief security advisor joins Cybersecurity Festival 2024

Microsoft's chief security advisor joins Cybersecurity Festival 2024

Sarah Armstrong-Smith will talk AI in security

Tom Allen
clock 19 February 2024 • 1 min read
Microsoft announces critical zero-day Exchange bug

Microsoft announces critical zero-day Exchange bug

Enables remote control of Exchange Server

Vikki Davies
clock 16 February 2024 • 1 min read