Do you really have confidence in your records being confidential? NHSreaality very much doubts if Hospital Trusts have cyber insurance? Your notes are the property of the Secretary of State for Health in the Region / Post Code in which you live. The state will not compensate you, and no company is likely to insure such a reactionary and heavy footed organisation, where there are no exit interviews, and where learning from mistakes is secondary to avoiding bullying, in the culture of fear.
Three NHS hospitals are struggling to cope after being hit by a “malicious” cyberattack that forced the cancellation of all appointments, procedures and operations for two days.
Officials said that about 1,000 patients would be affected at hospitals run by the Northern Lincolnshire and Goole Trust, where the computer virus was discovered on Sunday. A major incident was declared at the Diana Princess of Wales in Grimsby, Scunthorpe General and Goole and District.
The hospitals’ computer systems control all aspects of operations, so the virus has affected “everything from ventilation, gasses, even down to the car park barriers”, Lawrence Roberts, medical director at the trust, said.
Mr Roberts added: “We’re not sure where it came from, nor what the intention behind it was, but it certainly seems like a malicious attack.”
The news comes as a senior government minister warned that “large quantities of sensitive data” held by the health service and the government are being targeted by malicious forces from other countries. Writing in the Telegraph, Ben Gummer, minister for the Cabinet Office, said: “Cyberattacks are a reality and they are happening now. Our adversaries are varied: organised criminal groups, ‘hactivists’, untrained teenagers and foreign states.”
He added: “The government has a clear responsibility to ensure its own systems are cyber-secure. We and the rest of the public sector — including the NHS — hold large quantities of sensitive data and provide online services relied on by the whole country.”
The hospitals targeted on Sunday responded as though they were in a major incident or disaster producing multiple casulaties. They resorted to a paper-based tagging system to admit patients in A&E.
“I’ve never seen anything like it in my more than 20 years at the trust,” Mr Roberts said. “Everything we do is computer-based so our doctors had to switch back to pen and paper and carbon copies for prescriptions and discharge letters.”
He said that the trust’s cyberattack team was trying to find the source of the virus but he could not confirm where — or even which country — it had come from. Although Northern Lincolnshire and Goole’s systems are connected to other trusts, Mr Roberts said he had been told that it was unlikely the virus would spread.
All operations were allowed to proceed on Sunday when the virus was discovered, but everything after that has been cancelled. The trust plans to meet this afternoon to assess the scale of the damage and see if the hospitals can be back to full capacity tomorrow.
This is not the first time that NHS hospitals have been targeted by computer viruses. An investigation by the i newspaper this year found at least 30 NHS Trusts in England had been the victim of “ransomware” attacks in the past year. Four incidents were considered to be so serious that they had to be reported as a potential breach of data protection or confidentiality laws.
Ransomware works by implanting itself on a computer and making its data unintelligible until its senders are paid a ransom in currency such as Bitcoin.
In 2008 the Mytob worm computer virus overloaded computer networks at Barts, the Royal London and the London Chest Hospital. Services affected included accessing blood tests, X-rays and patient administration.