Islamist hackers linked to Isis attacked a series of NHS websites, exposing serious flaws in security systems meant to protect sensitive information, The Independent has learnt.
Graphic, brutal images of violence from Syria’s war were put up on the sites by a group based in North Africa which declared it was carrying out the electronic raid in retaliation for the West’s aggression in the Middle East.
This is believed to be the first time that an Isis-linked group has carried out a concerted attack on the NHS.
There was one instance of a health service site infected last year by a hacker who said he was an Islamist, but the new assault is being viewed by security agencies as much more serious and one which may pave the way for other such strikes.
The six websites struck three weeks ago by the group, called the Tunisian Fallaga Team, were in the south-west of England and ranged from ones dealing with childcare to funding, with two sites particularly severely damaged.
The Independent has agreed not to give further details due to security considerations.
It is believed that patient data was vulnerable in the attacks, but initial checks do not indicate that any had been compromised. There is no suggestion patient safety was put at risk.
The hacking comes in the wake of a Government warning that the NHS was facing serious risk of cyber-attacks, something which was “no longer the stuff of spy thrillers and action movies, but a clear and present threat”.
Ben Gummer, Minister for the Cabinet Office, stressed that “large quantities of sensitive data” held by the NHS and the Government are being targeted by hackers.
The Tunisian group along with two other groups, Global Islamic Caliphate and Team System DZ, all connected to Isis, are said to carry out coordinated operations.
As well as airlines and media companies, the groups had broken into the US Central Command’s Twitter and YouTube accounts and had published personal details of retired US military personnel.
The Tunisian group had carried out cyber-assaults on a number of countries in the past 18 months, becoming particularly active after the Charlie Hebdo murders in Paris, focusing on organisations which condemned the murders of the journalists.
In November 2015, it showed its reach in the UK with the infection of a Jewish school website in north London.
Around the same time as the Isis-linked assault last month, the Barts Health Trust warned that its four hospitals – Royal London, St Bartholomew’s, Whipps Cross and Newham – were experiencing a virus attack.
This, however, is believed to have been criminal rather than political in nature.
A Trust spokesman said: “We are urgently investigating this matter and have taken a number of drives offline as a precautionary measure.
“We have tried and tested contingency plans in place and are making every effort to ensure that patient care will not be affected.”
Khaled Fattal, the head of the MLi Group, which specialises in cyber-threat intelligence and security, said: “What happened to the NHS sites shows just how vulnerable some institutions continue to be.
“We have two types of these attacks, criminal and political, driven respectively by motives of profit and ideology.
“The political cyber attacks, what’s called policyber, can be organised by a terrorist group, or inspired by them, with individuals or small groups then carrying out the attacks: very much like physical acts of terrorism.
“We don’t think that these attacks on the NHS were random acts. They appear to be deliberately targeted at a British public institution and in particular at an institution dealing with something which affects every member of the public, their health. So of course, this is very worrying.”
Robert Emerson, a security analyst, added: “The cyber-terrorist threat to the NHS will be perceived as psychologically more serious than a purely commercial threat. The Government has acknowledged that the NHS and other public bodies are under threat, it’s a matter now of taking appropriate counter-action.”
A programme of training for students with work placements in security companies and Whitehall departments as well as the possibility for work at GCHQ has been launched with a target of 1,000 to be qualified by 2020.
But the House of Commons Public Accounts Committee accused the Government last Friday of failing to consolidate the “alphabet soup” of agencies supposedly dealing with cyber-attacks.
It claimed that the role of the Cabinet Office, which is responsible for protecting national institutions from hacking, remains confused.
Labour MP Meg Hillier, who chairs the committee, said: “Its approach to handling personal data breaches has been chaotic and does not inspire confidence in its ability to take swift, coordinated and effective action in the face of higher-threat attacks.
“In this context, it should concern us all that the Government is struggling to ensure its security profession has the skills it needs.”