Ransomware in UK Hospitals

The request was refused by East Lancashire Hospitals NHS Trust.

Dear East Lancashire Hospitals NHS Trust,

1. In the last 5 years, how many times has your trust/hospital suffered from a ransomware attack? Please provide specific dates (months/years) if possible.
2. How much downtime did this cause (in hours)?
3. Did you pay the ransom? If so, how much was the ransom?
4. What was the total cost of the incident to your hospital/trust?

All of the data gathered will be anonymised in our final analysis and no individual trusts will be mentioned.

Yours faithfully,

Rebecca Moody

Freedom of Information (ELHT) Mailbox, East Lancashire Hospitals NHS Trust

Thank you for your Freedom of Information Request under the terms of the Freedom of Information Act 2000 – Ref: 2019/10/14 Moody R

Under the Act, the department is required to provide you with a response within 20 working days. We will write to you in response to your request for information by the 11 November 2019.

The Freedom of Information Act includes a number of exemptions to releasing information. Some of these are qualified exemptions which require us to consider whether it is in the public interest to disclose or withhold the information. In these circumstances we may need more time to consider your request, and if this is the case we will write to you by the date above to inform you of when you can expect to receive a response. If you have any queries regarding this request please do not hesitate to contact me, quoting the reference number at the top of this email in all future correspondence.

Details of how we will process your request are available on our website at: https://elht.nhs.uk/about-us/freedom-of-...

Yours sincerely

Freedom of Information Team
East Lancashire Hospitals NHS Trust

[email address]

Website: www.elht.nhs.uk

Royal Blackburn Hospital | Haslingden Road | Blackburn | Lancashire | BB2 3HH
The information contained in this email may be privileged. It is intended for the addressee only. If you are not the intended recipient, or the designated substitute, please notify the sender and delete this email immediately. The contents of this email must not be disclosed without the sender's consent. We cannot accept any responsibility for viruses, so please scan all attachments.
Please consider the environment before printing this e-mail

show quoted sections

Freedom of Information (ELHT) Mailbox, East Lancashire Hospitals NHS Trust

Dear Ms Moody,
Thank you for your Freedom of Information Request under the terms of the Freedom of Information Act 2000. Please find the response to your questions below.

1. In the last 5 years, how many times has your trust/hospital suffered from a ransomware attack? Please provide specific dates (months/years) if possible.
2. How much downtime did this cause (in hours)?
3. Did you pay the ransom? If so, how much was the ransom?
4. What was the total cost of the incident to your hospital/trust?

RESPONSE
The Trust has made a decision to exempt your request under Section 31 – Law Enforcement, of the Freedom of Information Act on the basis that this information once in the public domain would allow criminals, particularly those in cyber crime, to identify if the Trust’s cyber security is vulnerable. There is also the risk that any current/recent cyber-attacks would be “tipped off” as to whether this has been identified and the general response taken for incidents.

However, information regarding the Wannacry incident is in the public domain and your questions will be answered based on that.
1 - Once in May 2017
2 - None
3 - No
4 - Unable to quantify the overall cost

If you are not satisfied with the response you have received in relation to your request and wish to request a review or make a complaint, you should write to the Trust Data Protection Officer/Head of Information Governance, Corporate Development Building, Royal Blackburn Hospital, Haslingden Road, Blackburn, BB2 3HH. Email: [East Lancashire Hospitals NHS Trust request email]

If you are not content with the outcome of our review, you may apply to the Information Commissioner for a decision. The Information Commissioner can be contacted at:

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF


Yours sincerely,

Freedom of Information Team
East Lancashire Hospitals NHS Trust
[email address]

Website: www.elht.nhs.uk
Twitter: @ELHT_NHS
Facebook: ELHT.NHS

Corporate Development Building | Royal Blackburn Hospital | Haslingden Road | Blackburn | Lancashire | BB2 3HH

The information contained in this email may be privileged. It is intended for the addressee only. If you are not the intended recipient, or the designated substitute, please notify the sender and delete this email immediately. The contents of this email must not be disclosed without the sender's consent. We cannot accept any responsibility for viruses, so please scan all attachments.
Please consider the environment before printing this e-mail

show quoted sections