UK hospital, hit by cyberattack, resorts to paper and postpones procedures

A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care.

Wirral University Teaching Hospital (WUTH), part of the NHS, revealed on Monday that it had suffered a cybersecurity incident that continues to cause problems, and has forced its hospitals to postpone appointments and scheduled procedures.

WUTH, which manages Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children’s Hospital, proactively isolated its IT systems when it first detected the threat, forcing it to revert to manual processes and the use of pen-and-paper.

Inevitably delays have occurred and health services have been disrupted. While emergency services remain available, WUTH said on its website that only those experiencing genuine emergencies should make use of them to avoid swamping the already strained system.

In a statement on its website, WUTH described the cyberattack as a “major incident”, and that it expected the issue to “continue over the weekend.”

“After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread,” explained a spokesperson for WUTH. “This resulted in some IT systems being offline. We have reverted to our business continuity processes and are using paper rather than digital in the areas affected. We are working closely with the national cyber security services and we are planning to return to normal services at the earliest opportunity.”

For now, no more details have been publicly shared about the nature of the cybersecurity incident. However, I don’t believe any one would be surprised if it was later revealed that WUTH had fallen victim to a ransomware attack.

The fact that the hospital has chosen to shut down its IT infrastructure suggests that WUTH’s cybersecurity team are hoping to limit the damage occurring, and may be attempting to prevent its systems from being damaged further through encryption or data exfiltration.

For now, no ransomware group appears to be claiming responsibility for the attack.

In the past hospital systems have frequently fallen victim to ransomware attacks , with malicious hackers taking advantage of the healthcare industry’s reliance on older systems that may be difficult to patch or secure, and a limited resources.

In such situations it has become common to see newspaper headlines that a hospital has been forced to resort to pen and paper or cancel operations after an attack.

Although some ransomware gangs have claimed in the past that they have a policy of not targeting organisations that provide healthcare, others appear to have no such qualms.

Some cybercriminals believe that the need to protect patient data and avoid compromising care for the sick will incentivise hospitals into paying a ransom. Unfortunately, in some cases, they might be correct.