Dear Basildon and Thurrock University Hospitals NHS Foundation Trust,

Hi,

You have been sent this FOI request as you have previously indicated that your organisation was the victim of a ransomware attack.

We’re now looking to further investigate these attacks and would appreciate any additional information you can give us.

Many thanks

Do you know the source device of the original infection?
• Yes
• No

If yes, did the ransomware attack originate from a:
• Networked NHS device
• Patient device
• Visitor device

Do you know how the ransomware attacker gained access to your organisation’s network?
• Phishing via email or social media network
• Drive-by-download caused by clicking on a compromised website
• Infection via a computer that was part of a botnet
• Other (please specify)

How far did the most successful ransomware attack get when targeting your organisation’s data?
• The attacker was unable to successfully encrypt any files/data
• The attacker was able to encrypt some files/data

What type of data has been affected by ransomware attackers in the past 12 months in your organisation?
• Employee information
• Patient information
• Payroll/HR
• Financial data
• All data was targeted

Has your organisation been able to identify the attacker in any of the ransomware attacks on your organisation, and if so who was the attacker?
• Organised cyber-criminals
• Opportunistic hackers (non-organised)
• Political hacktivists
• Disgruntled employees/former employees
• State sponsored hackers
• Other (please specify)

Yours faithfully,

Kelly Friend

FOI, Basildon and Thurrock University Hospitals NHS Foundation Trust

Dear Kelly,

Freedom of Information Act Request Acknowledgment

Thank you for contacting the Freedom of Information Office at Basildon and Thurrock University Hospitals NHS Foundation Trust. We confirm that we have received your correspondence.

Your request below is being considered and you will receive a response within the statutory timescale of 20 working days following the date on which the request was received, as defined by the Act, subject to the information not being covered by an exemption or containing reference to a third party.

For your information, the Act defines a number of exemptions which may prevent release of some or all of the information you have requested. There will be an assessment and if any of the exemption categories apply then the information will not be released. You will be informed if this is the case, including your rights of appeal.

If the information you request contains reference to a third party then they may be consulted prior to a decision being taken on whether or not to release some or all of the information to you. You will be informed if this is the case.

There may be a fee payable for this information. This will be considered and you will be informed if a fee is payable. In this event the fee must be paid before the information is processed and released. The 20 working day time limit for responses is suspended until receipt of payment. You will be informed if this is the case.

If you have made a request for information held by the Trust - we will contact you as soon as possible if we need any further information to enable us to answer your request. If we don't need any further information we will respond to you within the statutory timescale of 20 working days following the date on which the request was received.

If you have any further queries or concerns then please do not hesitate to contact us.

Alan Larn | communications officer (Freedom of Information) | communications department
Basildon and Thurrock University Hospitals NHS Foundation Trust | Nethermayne | Essex | SS16 5NL
01268 524900 ext 2992
[email address]

safe  caring  excellent  …together


Larn, Alan, Basildon and Thurrock University Hospitals NHS Foundation Trust

Dear Kelly,

Thank you for your Freedom of Information request dated 22 September 2016, which has been handled under the Freedom of Information Act 2000 (FOIA).

This was your request:

You have previously indicated that your organisation was the victim of a ransomware attack. We’re now looking to further investigate these attacks and would appreciate any additional information you can give us.

Do you know the source device of the original infection?
• Yes
• No

If yes, did the ransomware attack originate from a:
• Networked NHS device
• Patient device
• Visitor device

Do you know how the ransomware attacker gained access to your organisation’s network?
• Phishing via email or social media network
• Drive-by-download caused by clicking on a compromised website
• Infection via a computer that was part of a botnet
• Other (please specify)

How far did the most successful ransomware attack get when targeting your organisation’s data?
• The attacker was unable to successfully encrypt any files/data
• The attacker was able to encrypt some files/data

What type of data has been affected by ransomware attackers in the past 12 months in your organisation?
• Employee information
• Patient information
• Payroll/HR
• Financial data
• All data was targeted

Has your organisation been able to identify the attacker in any of the ransomware attacks on your organisation, and if so who was the attacker?
• Organised cyber-criminals
• Opportunistic hackers (non-organised)
• Political hacktivists
• Disgruntled employees/former employees
• State sponsored hackers
• Other (please specify)

Our response is as follows:

While we confirm that we do hold the requested information, the Trust is applying an exemption to this information under section 31(1)(a) of the Freedom of Information Act 2000 as we believe that the disclosure of this information would be likely to prejudice the prevention and detection of crime. The relevant parts of the ICO guidance on the subject (https://ico.org.uk/media/for-organisatio...) run as follows:

31.—(1) Information is exempt if its disclosure under this Act would, or would be likely to, prejudice - (a) the prevention or detection of crime. It could be used to withhold information that would make anyone, including the public authority itself, more vulnerable to crime, for example, by disclosing its own security procedures. It is the view of our Information security function that disclosure of the information requested in your message below could prejudice our ability to resist cyber attacks, etc. on our systems.

This is a qualified exemption and therefore requires a public interest test.

The only ransomware attack that the Trust has experienced was successfully recovered from and no ransom paid.

We feel that disclosing the requested information would contribute to public understanding of how the Trust maintains the security of its network. This information could assist an attacker in determining the effectiveness of the Trust’s defences against such attacks and therefore make the Trust more vulnerable to crime. As our network is central to the operation of the Trust and carries patient records, it is of great importance that we can assure the public of the security of the network.

Whilst it is in the public interest to understand that the Trust deals with such attacks and protects its network from ransomware, we believe that the public interest in maintaining the security of the network far outweighs that for disclosure and that this exemption is therefore appropriately engaged. It is also in the public interest that public money is not spent in dealing with increased levels of ransomware attacks.

The prevention and detection of this crime would therefore be prejudiced if we were to provide information regarding our response to such attacks.

I hope that the response that the Trust has provided is satisfactory. However, if you are dissatisfied with the way in which your Freedom of Information request has been dealt with you can request an internal review. Please email [email address] within 40 working days with clarification of what you would like to be reviewed. We will aim to provide a review response within 20 working days.

If you remain dissatisfied, you have the right under section 50 of the Act to apply to the Information Commissioner to seek resolution to the matter. Further details can be found on their website: http://www.informationcommissioners.gov.....

We ask that you take a couple of minutes and complete a short survey in relation to your FOI request. The questions relate to your request and how it was handled and the response received.

Kind regards,

Alan Larn | communications officer (Freedom of Information) | communications department
Basildon and Thurrock University Hospitals NHS Foundation Trust | Nethermayne | Essex | SS16 5NL
01268 524900 ext 2992
[email address]

safe  caring  excellent  …together
