Cyber Incident Victim: National Health Service
Date:
Jan 2017
Location:
United Kingdom
Summary
ISIS-affiliated hackers targeted NHS websites, defacing them with graphic Syrian civil war imagery as retaliation against Western policies. The attack, attributed to the Tunisian Fallaga Team, exposed significant security vulnerabilities, potentially compromising patient data, though no breaches were confirmed. This incident highlighted concerns over the health service's cybersecurity preparedness amid government warnings about threats to public institutions. Analysts noted the psychological impact of such ideologically motivated attacks, distinguishing them from financially driven cybercrime. Concurrently, unrelated criminal malware affected another hospital trust, underscoring broader systemic risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around January 17, 2017, a cyberattack attributed to the Tunisian Fallaga Team, an ISIS-affiliated hacking group based in North Africa, targeted six NHS websites in south-west England. The attackers defaced the sites with graphic images depicting violence from the Syrian civil war, accompanied by declarations that the intrusion was retaliation against Western military actions in the Middle East. The compromised websites included those related to childcare services and funding bodies, with two sites sustaining particularly severe damage. While the attack exposed vulnerabilities in NHS security systems and raised concerns about patient data exposure, initial investigations found no evidence that sensitive information was accessed or exfiltrated. Patient safety was not directly jeopardized, though the incident marked the first known coordinated cyber assault on the NHS by an ISIS-linked entity.
The attack occurred amid prior government warnings about cyber threats to critical infrastructure, with Cabinet Office Minister Ben Gummer having emphasized that NHS data repositories represented high-value targets. Security analysts characterized the incident as a deliberate targeting of a foundational British public institution, amplifying its psychological impact compared to financially motivated cybercrime. Concurrently, Barts Health Trust reported unrelated virus infections affecting four hospitals, though this was attributed to criminal actors rather than ideological attackers. In response to the breaches, NHS authorities took precautionary measures by taking affected systems offline while implementing contingency plans to maintain clinical operations. The incident intensified scrutiny of the UK's cybersecurity preparedness, with the House of Commons Public Accounts Committee criticizing fragmented oversight among agencies and insufficient coordination in addressing data breaches. The government had initiated a training program aiming to qualify 1,000 cybersecurity professionals by 2020, though concerns persisted about institutional capability to counter evolving threats from ideologically motivated hacker collectives.