Categories: Security

NHS Hit By ‘Dozens’ Of Ransomware Attacks

NHS Digital has acknowledged ransomware attacks on its network, following a report over the weekend that found at least 28 NHS trusts in England were affected by the data-encrypting malware over the past year.

The executive Department of Health body, which oversees some aspects of the NHS’ national IT systems and collects data on trusts, did not disclose how many attacks had been reported to it, saying only the figure was “fewer than five”.

Dozens affected

However, trusts are only obliged to report the most serious incidents to NHS Digital, and a study carried out by Manchester-based IT security firm NCC Group found at least 28 trusts in England had been hit by ransomware, according to a report by newspaper The I.

Twenty of those trusts paid no ransom, with another eight, including two unnamed London hospitals, declining to say whether they paid, according to data drawn from Freedom of Information Act requests.

The number of incidents may have been much higher as the majority of trusts either declined to provide information or did not respond. NCC said the responses suggest up to half of trusts may have been hit by ransomware during the period.

“The health service is by no means alone in facing this kind of attack,” said Ollie Whitehouse, technical director of NCC Group, in a statement. “But NHS trusts are being increasingly targeted and any loss of patient data would be a nightmare scenario.”


NHS Digital said incidents reported to it were “rare” and that no ransoms had been paid.

“In the last year there have been fewer than five reports of ransomware attacks on individual machines on a network used by around two million people,” the body said. “In all reported cases, effective and swift action was taken and no ransoms have been paid.”

The group acknowledged that, as with other types of organisations, attempted ransomware attacks are “rising” but it said it is taking action to ensure data safety.

Ransomware, usually spread via disguised email attachments, encodes data found on affected systems and networks and charges a fee ranging from hundreds to thousands of pounds to restore the information.

Europol earlier this month highlighted ransomware as the “dominant threat” to public and private organisations across Europe.

A McAfee study last month found a total of $100,000 (£80,000) had been paid by ransomware-affected hospitals alone in the first three months of this year, as a result of 20 separate attacks in the US, the UK, Australia, Germany, Canada and South Korea.

Security researchers estimate ransomware brings in hundreds of millions of pounds a year.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Fisker Files For Chapter 11 Bankruptcy

EV maker Fisker files for bankruptcy protection in the US – the second EV venture…

23 mins ago

Nvidia Overtakes Microsoft As Most Valuable Tech Firm

Nvidia dethrones Microsoft as world's most valuable tech firm, in ongoing market capitalisation battle of…

4 hours ago

Apple Drops ‘Buy Now, Pay Later’ Service

Apple sunsets its buy now, pay later service known as 'Apple Pay Later', and will…

5 hours ago

Microsoft Xbox Marketing Chief Leaves For Roblox

Microsoft loses Xbox marketing chief amidst executive changes in company's gaming division, broader layoffs and…

1 day ago

YouTube Test Community ‘Notes’ Feature For Added Context

YouTube begins testing Notes feature that allows selected users to add contextual information to videos,…

1 day ago

FTC Sues Adobe Over Hidden Fees, Termination ‘Resistance’

US regulator sues Photoshop maker Adobe over large, hidden termination fees, intentionally difficult cancellation process

1 day ago