News: 1732620999

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

Another 'major cyber incident' at a UK hospital, outpatients asked to stay away

(2024/11/26)


A UK hospital is declaring a "major incident," cancelling all outpatient appointments due to "cybersecurity reasons."

The Wirral University Teaching Hospital NHS Trust, located in North West England, said the so-called "incident" affects the whole Trust, which oversees Wirral Women and Children's Hospital, Clatterbridge Hospital, and Arrowe Park Hospital.

Although the tech problems began on Monday, officials confirmed to The Register it is still dealing with the fallout as of Tuesday morning.

[1]

All outpatient appointments were canceled on Monday and the same decision was made today, according to Arrowe Park and Clatterbridge's social media posting. All patients whose appointments were canceled will be contacted to rearrange them.

[2]

[3]

Officials remain tight-lipped about the specifics, although locals were asked to only attend the hospitals' emergency departments for genuine emergencies which include chest pains, choking, and serious injuries.

The Register also understands the issue is affecting the wider hospital departments, not just accident and emergency - exactly how it is manifesting is still under wraps.

[4]

We asked a Trust spokesperson whether the incident involved ransomware, but they deferred to the official statement:

A major incident has been declared at the Trust for cyber security reasons.

Our business continuity processes are in place, and our priority remains ensuring patient safety. All outpatient appointments scheduled today are canceled. We apologize for any inconvenience and we will contact our patients as soon as possible to rearrange.

We urge all members of the public to attend the Emergency Department only for genuine emergencies. For non-urgent health concerns, please use NHS 111, visit a walk-in center, urgent treatment center, your GP, or pharmacist.

The Trust added that business continuity processes are in place. The Register pressed the Trust's officials for more details, such as whether outside help has been drafted, whether the NCSC/NCA were informed, and for how long the issues are expected to persist, and we will update the story as we learn more.

It has been a tough year for the NHS on the cybersecurity front. Two major attacks hit NHS services in England and Scotland this year, most recently in London with [5]Qilin's ransomware strike on pathology services provider Synnovis.

The attack was carried out in June and it wasn't until October that the NHS began saying the majority of services were back up and running.

More than 10,000 appointments and nearly 2,000 procedures were canceled across the five-month period, which also saw numerous urgent appeals for blood donors issued due to the attack's impact on systems used for cross-matching blood transfusions. Type O-negative and Black heritage blood was particularly in demand.

[6]

Some patients were [7]affected more than others .

[8]Qilin: We knew our Synnovis attack would cause a healthcare crisis at London hospitals

[9]'IT failure' hits blood tests as another critical incident declared by NHS

[10]Second NHS IT system confirmed to be affected by CrowdStrike issues

[11]Cancer patient forced to make terrible decision after Qilin attack on London hospitals

The attack on Synnovis came just months after INC Ransom's hit on NHS Scotland, specifically the NHS Dumfries and Galloway Trust, which [12]said it did not give in to the attackers' demands.

CEO of the Trust Julie White said patient care wasn't disrupted as a result of the February intrusion, but acknowledged that criminals had accessed and uploaded thousands of people's data to their leak site.

INC [13]claimed to have stolen 3TB worth of the Trust's data and White confirmed in a letter to those affected that the attackers stole millions of files. She warned victims of the potential for extortion and phishing, as well as the mental health repercussions that could arise due to the data's publication. ®

Get our [14]Tech Resources



[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z0X-sheb0I4Tip_FruACcQAAAAo&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0X-sheb0I4Tip_FruACcQAAAAo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0X-sheb0I4Tip_FruACcQAAAAo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z0X-sheb0I4Tip_FruACcQAAAAo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[5] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z0X-sheb0I4Tip_FruACcQAAAAo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[7] https://www.theregister.com/2024/07/05/qilin_impacts_patient/

[8] https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

[9] https://www.theregister.com/2024/09/11/nhs_pathology_services_battered_again/

[10] https://www.theregister.com/2024/07/19/crowdstrike_update_nhs_it_outages/

[11] https://www.theregister.com/2024/07/05/qilin_impacts_patient/

[12] https://www.theregister.com/2024/06/18/nhs_dumfries_and_galloway_letter/

[13] https://www.theregister.com/2024/03/28/nhs_scotland_cyberattack/

[14] https://whitepapers.theregister.com/



0laf

Get your incident bingo cards ready.

Although having worked with some of the NHS IT guys in the past I have a lot of sympathy. The run a biblically complex group of organisations (NHS isn't one one big organisation it's many interlinked entities), with biblically complex data and IT needs, run on pennies, with overworked under paid employees who are fighting a combination of cutbacks with a manglement and staff base that have little to no interest in anything outside of their needs as clinicians or political pole climbers.

These incidents are unfortunately inevitable and likely to continue. There may also be a nation state element to the attacks.

Korev

> There may also be a nation state element to the attacks.

Now don't Russia to conclusions...

Anonymous Coward

And the consultant for the eye hospital over from our support site that smashed up an expensive touchscreen computer because it was getting on his nerves.

The trust being large that it had TWO IT teams doing things seperately as that's what the Trust wanted. Giving us little access when rolling out new kit so having to sit at a nurses station for 20mins waiting for 3rd line to get out of their fucking meeting so I could install the blood printer (prints the labels that go round your wrist).

Then, which still pisses me off to this day, the IT managers daughter got a job because of who her dad was. Asked us to sort out some xray type machine (can't remember what it was. Was a PC but something to do with xrays) because "All the other engineers have gone home and you guys are the only ones left" (it was a Friday, we were contractors and all of IT had left early). We asked for the ticket which we kept being told we MUST GET A TICKET but she had none and cause of her dad, didn't need one.

So we go over the road, none of our cards let us in that fucking building. She's eventually made to come over to let us in, oh look her card doesn't work either. Jesus christ. We get in, find the nurses who tell us "IT was here earlier but they only took the keyboard and mouse". So essentially IT were being fucking lazy so made us move the bulky kit. Stuck it on a trolley and had to push it up the steep hill to the main building. We get to where we were told it was going, the guy has no idea what its about. Eventually someone arrives that knows about it and we then have to carry it up some windy stairs.

IT at the NHS is normally a shit show. I was first there in 2007. Left and back again in 2017. The IT culture hadn't changed! They were still quite cuntish. Having said that, still, if desperate, is a good place to start and get experience instead of working for the MSP sweatshops.

Anonymous Coward

"The only thing necessary for the triumph of evil is for good men to do nothing." -- Edmund Burke ...

Edmund Burke served as a member of Parliament between 1766 and 1794 so what has changed since then?

Whether or not ...

Mike 137

" There may also be a nation state element to the attacks "

Regardless of this, it'd be interesting to discover whether these hospitals were targeted, or were merely so darned wide open they fell victim as collateral damage to a shotgun attack aimed at some third party (as in the case of notPetya). Having tried to do infosec in an NHS trust, I suspect the latter is most likely.

Re: Whether or not ...

0laf

Bit of both probably

Re: Whether or not ...

Sir Sham Cad

We know that Healthcare is being targeted by Nation States. The main issues in critical infrastructure/services is that you don't get downtime to patch the huge IT infrastructure estate (even though NHS England require resolution in 14 days or SIRO risk signoff) so can remain vulnerable for months.

Anything InfoSec: they need to get lucky once, we need to get lucky all the time.

Mouse take

elsergiovolador

This is another even dance that introduction of com-poo-ters to NHS was a mouse take.

If we still used paper records, none of this would have happened.

Re: Mouse take

Anonymous Coward

they still use paper.

My old man is in a hospice and the the staff there were doing double entry, once on paper and once in the system.

Re: paper records

Sir Sham Cad

Aside from anything else, there are IT systems required for tracking paper records. Yep. I know.

Almost 20 years ago I remember seeing paper records strewn all over the place as a building that was sold off to be turned into flats was just abandoned. I was just there to pull out the network kit. I hope to FSM that those records had been digitised first but I have my doubts.

Who 'Owns' IT?

MisterHappy

It would be interesting to see if the IT dept have their own director or if they are under Finance.

In my experience, IT running under finance = spit & bailing wire.

"The good Christian should beware of mathematicians and all those who make
empty prophecies. The danger already exists that mathematicians have made
a covenant with the devil to darken the spirit and confine man in the
bonds of Hell."
-- Saint Augustine