Cyber Incident Victim: Barts Health NHS Trust
Date: Jan 2017
Location: United Kingdom
Summary
A cyber-attack targeting the UK's largest NHS Trust forced precautionary shutdowns of key IT systems, including pathology services, though core clinical systems and radiology imaging remained operational. Ransomware was initially suspected but later ruled out as the cause. The incident highlighted potential vulnerabilities linked to outdated infrastructure, with reports indicating the Trust may have been running unsupported Windows XP systems—a widespread issue across NHS organizations at the time. The attack underscored broader challenges in healthcare cybersecurity, where funding constraints often deprioritize IT security despite operational risks. Contingency plans were activated to minimize patient care disruptions during the system outages.
Description
On January 13, 2017, Barts Health NHS Trust, the United Kingdom's largest NHS trust operating five hospitals in East London serving approximately 2.5 million people, experienced a cyber-attack that forced the organization to take multiple critical IT systems offline. The Trust characterized the event as an "IT attack" and implemented precautionary measures by isolating several drives from its network infrastructure. Initial reports suggested ransomware involvement, but subsequent investigation by the Trust confirmed ransomware was not the root cause of the incident. Core clinical systems, including the Cerner Millennium electronic health record platform, remained operational throughout the event, as did radiology and imaging systems handling X-rays and scans. Pathology services, however, were disrupted and taken offline due to the attack, impacting diagnostic operations. The Trust activated established contingency plans to maintain clinical operations, asserting that patient care delivery would not be compromised despite the technical disruptions.

The incident highlighted potential systemic vulnerabilities within NHS infrastructure, with reports indicating Barts Health may have been running unsupported Windows XP operating systems at the time of the attack. Microsoft had discontinued security patches for XP in 2014, leaving unupdated systems exposed to exploitation of unpatched vulnerabilities. A December 2016 Freedom of Information Act disclosure had revealed that 90% of NHS trusts in England still used XP, suggesting widespread legacy system exposure across the healthcare system. While the Trust maintained critical clinical functionality during the attack, the forced isolation of pathology systems demonstrated tangible operational impact. No data theft or specific attacker methodology was disclosed by the Trust, which focused restoration efforts on maintaining core clinical workflows while investigating the compromised systems.
