I am writing to you under the Freedom of Information Act 2000 to request the following information for the period 1st January 2017 to 22nd May 2017:
- Details of any Ransomware that has affected any of the IT systems used by the Heart Of England NHS Foundation Trust. In each case this should include:
- The name of the Ransomware
WannaCry
- The systems affected by the attack and what it is normally used for
See Note 1 below
- The operating system being run
See Note 1 below
- When and for how long systems were affected
See Note 1 below
- How the systems were affected, i.e. whether files were decrypted, systems locked, or other (please specify)
See Note 1 below
- What would happen if the ransom was not paid
See Note 1 below
- How the Ransomware gained access to the network, i.e. phishing email, USB stick, other (please specify)
See Note 1 below
- The ransom requested
$US300
- If the ransom was paid and the total ransom paid for the attack
No
- The number of medical activities (e.g. operations, scans, prescriptions, etc) that had to be suspended or altered during the infection period
12 Trauma and Orthopaedic cancellations.
Affected devices were isolated until fixes were applied, and alternative PCs were used.
- Details of any other type of malware that has affected any of the IT systems used by the Heart of England NHS Foundation Trust. In each case this should include:
- The name of the malware
No major malware or virus attacks; however, like many organisations, the Trust will be subject to virus, Ransomware etc. attacks on a daily basis, which are usually detected and prevented by firewalls and AV solutions.
- The systems affected by the attack and what it is normally used for
Not applicable
- The operating system being run
Not applicable
- How the systems were affected, i.e. whether files were decrypted, systems locked, data stolen or other (please specify)
Not applicable
- When and for how long systems were affected
Not applicable
- How the Ransomware gained access to the network, i.e. phishing email, USB stick, other (please specify)
Not applicable
- The number of medical activities (e.g. operations, scans, prescriptions, etc.) that had to be suspended or altered during the infection period
Not applicable
- Any correspondence between senior members of staff about incidents logged as part of 1 and 2.
See Note 1 below
- Any correspondence between the Heart of England NHS Foundation Trust and government departments logged as part of 1 and 2.
See Note 1 below
Note 1: Where stated above, the Trust does hold this information; however, we are withholding it under Section 31 (3) of The Freedom of Information Act as the disclosure could prejudice the prevention or detection of (cyber) crime. There is therefore significant public interest in not providing this information.