Cyber security teams are investigating the fifth suspected attack on the NHS to have taken place last week.
Pharmaceutical publication HSJ ,has revealed that Medway Community Health shut down some systems last week after suspicious activity.
The incident comes after declared cyber incidents at Alder Hey Children’s Foundation Trust, Royal Liverpool University Hospital and the Liverpool Heart & Chest Hospital last week.
Last week also saw the end of an incident from a fortnight ago at Wirral University Teaching Hospital FT.
The Kent incident is not thought to be linked to those in the North West.
The three NW trusts with an ongoing incident last week said in a statement: “Criminals gained unlawful access to data through a digital gateway service hosted by Alder Hey. This digital gateway is shared by Alder Hey and Liverpool Heart and Chest Hospital.
“This has resulted in the attacker unlawfully getting access to systems containing data from Alder Hey Children’s, Liverpool Heart and Chest Hospital, and a small amount of data from Royal Liverpool University Hospital. We have launched an investigation which is still ongoing to determine the full facts around what data has been obtained unlawfully.”
The trusts would not confirm how many patient records had been accessed online, but said “we do not believe the data published or accessed unlawfully relates to children and young people”.
The trusts would not confirm which digital gateway service the breach occurred in, whether they had cyber attack insurance and whether their systems used multi-factor authentication.
Earlier this year, HSJ revealed the breach that took down pathology services across south east London would have been thwarted by this simple security measure.
Wirral stood down its incident on Wednesday last week but would not confirm how many appointments had been cancelled while it investigated.
A spokesperson for Medway Community Healthcare Community Interest Company - annual turnover £75m - said: “We detected some suspicious activity relating to our IT systems. As a precaution, we therefore disconnected our systems to protect patient and staff data.
“If there has been an impact on data we will follow Information Commissioner’s Office guidelines in terms of notification. [Last week] services have worked successfully in business continuity.”
The Kent investigation is ongoing.
More here