Cyber security update
The Trust was subject to a cyber-attack in March 2023, when a malicious actor attempted to infiltrate the Trust network and execute a ransomware attack. The Trust was able to prevent the attack before it was executed, however, there is evidence of some data exfiltration. After a number of audits by specialist bodies, the Trust is unable to determine exactly what data may have been transferred, but can confirm it is around one per cent of possible data that was exposed.
Clinical systems were not affected by the incident and no financial data of patients or staff would have been compromised.
A number of precautionary measures have been taken to improve security and strengthen the Trust’s network, and we continue to monitor closely for malicious or suspicious activity. Some months on, there has been no indication of data misuse associated with this event, nor have there been any recorded complaints. The Trust is therefore encouraged that any data that may have been exfiltrated has, to date, not made its way into the public domain.
Despite this, the Trust would encourage staff and patients to remain vigilant and observe good cyber practice. We would advise:
- Be suspicious of emails that ask you to check, renew or share your logins or passwords
- Don’t open attachments or click on links in emails without first establishing they are legitimate – for example, were you expecting to receive the email?
- Hover over links (without clicking) to see if the link looks legitimate. In many basic “phishing” attempts, the actual link will be different from the one you see in the email
- Check the source of the email – do you know the sender? Be wary if not, and try to verify the sender
- If the content of the email tries to persuade you to do something that seems too good to be true, it probably is
- If the email claims to be from an official source, it will likely have graphics and images. Do they look legitimate? An official source will never ask you to share personal details or login credentials
- Check for spelling and grammar errors in emails – these are often a tell-tale sign of spam
If you receive any communication from the Trust that appears out of the ordinary or suspicious, then we would encourage you to check direct with the relevant team/s to ensure that this is genuine. If you are at all concerned, contact our PALS team: pals.officer@nhs.net
For any other queries or concerns, please contact the Trust’s data protection officer wht.data.protection2@nhs.net