Several appointments at hospitals and healthcare centers operated by National Health Service (NHS) Lanarkshire in Scotland had to be postponed recently when the organization fell victim to yet another ransomware attack.
Cybersecurity researchers say the ransomware virus known as Bitpaymer was used in the August attack on NHS, which manages healthcare for more than 650,000 people living in Scotland. Back in May, NHS systems became infected with WannaCry, the much-talked-about ransomware virus that encrypted files in more than 200,000 computer systems around the world.
It’s still unclear how the IT systems at NHS became infected with Bitpaymer. At one point, the ransomware rendered both employee banking and telephone systems unavailable.
News of the malware attack broke on August 25th when NHS Lanarkshire posted a statement on its Facebook page.
“We have detected some incidences of malware,” the post reads. “We took immediate action to prevent this spreading while we carried out further investigations. We are now putting in place a solution from our IT security provider. While the issue is being resolved our staff have been working hard to minimize the impact on patients and we apologize to anyone who has been affected.”
The following week, NHS Lanarkshire chief executive Calum Campbell confirmed to STV News that Bitpaymer was the culprit.
“The malware was identified as a new variant of Bitpaymer. We are investigating how it infiltrated our network with our IT security providers,” Campbell said. “Our security software and systems were up to date with the latest signature files, but as this was a new malware variant the latest security software was unable to detect it. Following analysis of the malware our security providers issued an updated signature so that this variant can now be detected and blocked.”
How to defend against ransomware threats
Ransomware poses a persistent threat to the healthcare industry. That is why entities like NHS Lanarkshire should work to prevent a ransomware infection by creating a robust patch management strategy, educating their employees about phishing attacks, encrypting all business-critical data, and implementing access controls that assume someone’s credentials have been compromised. They should also back up servers, computers and laptops on a regular basis in case all else fails.