Organisation: County Durham and Darlington NHS Foundation Trust (CDDFT)
Incident: WannaCry Attack – 12 May 2017
The WannaCry ransomware attack was a worldwide cyber-attack which took place in May 2017. The cyber-attack targeted PCs running Windows. The attackers encrypted data and demanded a ransom, if this was not paid the group threatened to release data/information. Microsoft were made aware of a potential attack 12 months prior to the attack and released a security patch to be installed on all electronic devices that ran Windows.
Organisations that did not install the patch when advised to do so by Microsoft then became the target. 200,000 PCs were infected across 156 countries as a result of the WannaCry ransomware attack.
County Durham and Darlington NHS Foundation Trust (CDDFT) did not suffer from a direct attack, however:
The ambulance service protected their network by closing access to their network, with the main impact being:
- Ambulance handover process and screens disabled
- Patient Transport Service booking portal not available.
Tertiary centres protected their network by closing access to their network, main impact being:
- We could not transfer CT/MR scans
- We could not access Chemo Care meaning we could not transfer Chemo orders to our
Primary care IT provider protected their network by closing access to their network, main impact being
- Automated transfer of blood results failed.
- Certain GPs couldn’t access their case load.
- Handover process: Pre alerts continued to be communicated by landline and
ambulances arrived without warning however pins communicated via airwaves
- Patient Transport Service: Business Continuity Plan invoked, and bookings made via
- Transferred images onto DVD and sent by taxi
- Chemo orders reverted to paper and faxed.
- Transfer of blood result reverted to paper however slowed the whole process down
- Some GPs were able to access their caseload by accessing System One via our
Urgent Treatment Centres.
A number of lessons were identified and Business Continuity Plans (BCPs) updated:
- No system wide fix agreed. CDDFT BCP updated to reflect pins would be
communicated by paramedics airwaves
- Patient Transport Service: BCP updated to include direct dial numbers to make
booking either via landline or mobile.
- Secondary DVD purchased and CDDFT BCP updated to reflect the transfer of images
- Chemo Care now has a BCP detailing actions to be taken in the event of Cyber Attack.
- Pathology BCP updated to incorporate actions to be taken in the event of a Cyber
- Primary Care BCPs updated to incorporate the process of accessing their case load
via a Trust Urgent Treatment Centre.
To minimise the impact on the health economy, it is imperative that NHS organisations understand their interdependencies and then work to dovetail their Business Continuity Plans for shared services.