Cyber criminals have made “multiple” attacks on Cornwall’s main hospital in the past year with repeated attempts to hold health bosses to ransom by stealing sensitive information. According to a Freedom of Information (FoI) request, the IT system of the Royal Cornwall Hospitals Trust (RCHT) was once infected ransom-ware, a type of malicious software designed to block access to a computer system until a sum of money is paid.
A spokesman for the trust said robust security was in place which was constantly updated to guard against new cyber threats.
“The Trust and wider NHS has an active and on-going programme to assess new cyber-attack risks and to ensure that we have in place the best counter measures to prevent cyber-attacks or are able to recover from cyber-attacks should an attack be successful,” he said.
According to the FoI, the RCHT has experienced “multiple attacks” through cyberspace in the past 12 months.
At one point between 2012 and 2016, the RCHT’s IT system was infected with ransom-ware, a malicious programme which can result in the lock down of an entire network which will not be released until a sum of money is paid.
The spokesman for the trust said the IT infection was resolved by the trust’s in-house team of software engineers and that police were not informed as the problem was solved.
The RCHT has confirmed that it has both end-point and anti-virus software installed on its computers.
Earlier this month, IT experts warned that British hospitals were “ripe and vulnerable targets” for attack from abroad after three large hospitals in the USA were forced to declare a state of emergency after their IT systems were shut down by hackers.
According to a recent survey, 98% of healthcare professionals fear cyber-attacks against the NHS and 84% believe there will be an increase and attacks against their own organisations.
The NHS has a dedicated group to combat cyber attacks, Care Computer Emergency Response Team (CareCERT), which this month has been expanded to improve learning and reaction in the event of a successful attack.
Public Health and Innovation Minister Nicola Blackwood said: “The risks from cyber-attacks are ongoing and ever changing across all sectors, and often cyber attacks on the NHS are not seeking health data specifically, but have targeted a range of sectors with the same attack.
“But we need to make sure that health and social care information is protected with the highest possible standards of security.
“NHS Digital’s CareCERT service will help over 1.3 million NHS staff and those working in care staff boost their awareness and knowledge, as well as helping organisations improve their defences and keep valuable patient information secure.
“If the worst should happen, the service will also help organisations respond as quickly as possible.”