WannaCry victim NHS Lanarkshire hit by new ransomware strain

The Scottish health system is operating under contingency plans, as it works to regain normal operations.
By Jessica Davis
12:13 PM

Scotland’s NHS Lanarkshire was hit by ransomware on Friday, delaying some services and operations at a few of the trust’s hospitals.

NHS Lanarkshire is made up of Hairmyres, Monklands, Wishaw General and Community Hospitals, along with several health centers and treatment centers.

Lanarkshire officials quickly acknowledged the attack, citing IT difficulties. Patients were encouraged to think before visiting the emergency departments while systems were down. However, “emergency care will still be provided for those who do require to be seen.”


The following day, officials reported that the cause was malware and that staff “have worked hard to minimize the impact on patients and our contingency plans have ensured we have been able to continue to deliver services while the IT issues were resolved.”

“Unfortunately a small number of procedures and appointments have been cancelled as a result of the incident,” officials said. “I would like to apologize to anyone who has been affected by this disruption, however I can assure you that work is already underway to reappoint patients.”

By the weekend, a majority of services had been restored, but officials said it will still be some time until operations are back to normal. Wait times have been longer than normal during the incident.

The investigation revealed the attack was ransomware, specifically a new strain called Bit Paymer -- a well-coded strain that looks like the work of experienced programmers, a report from BleepingComputer found.

BleepingComputer found other samples of Bit Paymer in mid-July, while other security researchers saw similar campaigns in June. The ransomware spreads using brute-force campaigns on unpatched RDP endpoints.

Once inside, the attackers move across the victim’s network and install the ransomware on each computer within the breached system. There is currently no way to decrypt files encrypted by Bit Paymer, and the ransomware asks for up to $230,000 to decrypt infected files.

This is the second time NHS Lanarkshire has fallen victim to ransomware. It was one of the hardest-hit hospitals in the WannaCry attacks in May, which crippled services at the majority of the U.K.’s National Health System.
