St John Ambulance hacked: Ransomware attack similar to NHS breach lasts 30 minutes | UK | News

During the 30-minute long ransomware attack, the unknown hackers blocked the charity’s access to its online systems. St John Ambulance, which specialises in first aid delivery and training, said it didn’t pay any money to get rid of the cybercriminals and assured no passwords or credit card details had been stolen. But the data of some people may have been affected by the hacking, which took place on July 2 at 9am, the volunteer-led organisation warned. 

According to a statement published on the charity’s website, the breach affected data related “to our training course delivery”.

The statement continued: “It does not cover supplies, events, ambulance operations, volunteering, volunteer, data, employee data, clinical data or patient data.”

Explaining how the ransomware took place, the statement said: “This has not affected our operational systems and we resolved the issue within half an hour.

“This means that we were temporarily blocked from accessing the system affected and the data customers gave us when booking a training course was locked. 

READ MORE: EMAIL WARNING - If you receive this message in your inbox do NOT click on it

“We are confident that data has not been shared outside St John Ambulance.”

St John Ambulance said the breach has been reported to the Charity Commission, the police and the Information Commissioner’s Office (ICO) - as confirmed by the ICO itself.

In a further call for calm, St John Ambulance added the people whose data may have been affected don’t need to take any immediate action at the moment.

However, the statement added: “If you work for one of our corporate customers, please pass this email on to the person in your organisation who is responsible for data protection.” 

This is not the first time a medical institution becomes the victim of hackers.

In May 2017, hundreds of private companies and public organisations around the world fell victim of a devastating virus attack branded WannaCry.

Among those targeted there was the NHS, with GPs and hospitals forced to turn away patients and cancel approximately 19,000 appointments as they were unable to enter their systems. 

Hackers left thousands of computers with just two usable files, instructions on what to do next and the Wanna Decryptor programme.

Cybercriminals often use ransomware, a type of malicious software, to deny access to a system or data until a ransom is paid.

Just like other online viruses, ransomware can be spread through clicking links on phishing emails or by visiting an infected website.

The Department of Health and Social Care (DHSC) estimated that WannaCry cost the NHS £92million in direct costs and lost output.    

Comments are closed.