NHS Trusts a magnet for ransomware, FOI disclosures reveal

Just under one-third of all NHS trusts report ransomware infections

The antiquated IT running in the average NHS Trust is proving to be a magnet for ransomware, according to responses to a series of Freedom of Information requests.

Endpoint security firm SentinelOne filed a series of FOI requests with NHS trusts across the country and found that 30 per cent have been subject to ransomware attacks.

One of them, Imperial College Healthcare NHS Trust, admitted that it had been attacked 19 times in just 12 months.

SentinelOne also found that NHS trusts were often their own worst enemy, with too many running out-of-date anti-virus software and, presumably, therefore being lackadaisical about other aspects of their IT security.

Most trusts, with two exceptions, reported that they have some kind of anti-virus protection on their endpoints, but that has not stopped bad traffic getting through.

The FOI requests found that 87 per cent of attacks came via a networked NHS device and that 80 per cent were down to phished staffers. However, only a small proportion of the 100 or so Trusts responded to this part of the requests.

"These results are far from surprising. Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching," said Tony Rowan, chief security consultant at SentinelOne.

"The results highlight the fact that old school anti-virus technology is powerless to halt virulent, mutating forms of malware like ransomware and a new more dynamic approach to endpoint protection is needed.

"In the past, NHS trusts have been singled out by the ICO for their poor record on data breaches and with the growth of connected devices like kidney dialysis machines and heart monitors there is even a chance that poor security practices could put lives at risk."

Many of the trusts said that they were able to identify their attackers, while others blamed faceless hackers.