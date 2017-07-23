NHS trusts across Northern Ireland may not be aware if cyber criminals are stealing patients’ medical and social care records – and distributing them on the dark web – an expert has warned.

After freedom of information inquiries by the News Letter, Northern Ireland’s five main health trusts revealed a total of only two attempted or successful cyber attacks in the past three years.

A similar picture emerged from inquiries to 10 of Northern Ireland’s 11 district councils, which also recorded only two in the same period.

However, two Northern Ireland experts flagged up the possibility that both trusts and councils may not know they are being hacked.

In May the services of 45 NHS organisations and GP practices in England and Scotland were disrupted amid a global cyber attack which British security officials said originated in North Korea.

Some hospitals and GPs were unable to access patient data, after ransomware locked their computers, demanding a payment worth £230.

David Crozier is head of strategic partnerships & eEngagement at the Centre for Secure Information Technologies (CSIT) at Queen’s University Belfast, one of the top 10 academic research centres on cyber security in the world.

When the News Letter pointed out how few attacks had been reported by the Northern Ireland trusts and councils over three years, he replied: “But to what extent do they know? So, yes, if they have had a ransomware attack they will know.

“[But] will they know maybe that there is an APT (an advanced persistent threat) sitting on their network for the past 18 months exfiltrating [secretly withdrawing] data?

“They may not know that if they don’t have the tools and techniques to detect that, or [if] they don’t have the experienced threat intelligence team, or [unless] they are contracting a threat intelligence organisation to scan the dark web in places like bit bucket for data that has been stolen from their organisation. So some of them might not know. So in that regard it is a genuine response.”

Brendan McGuigan, chief inspector of the Criminal Justice Inspectorate NI, made a similar point.

His organisation recently published a report on cyber crime in Northern Ireland after nine months research. He said “every area” of public services in Northern Ireland could be compromised without realising it.

“Sometimes even health trusts wouldn’t even know that their system has been compromised... Why are health trusts not reporting more incidents of breaches of their IT systems?” he asked. “And you could extend that into every area of public services.”

His concerns could therefore also potentially apply to the Northern Ireland Assembly, which suffered two unsuccessful ransomware attacks on its data network in the past two years.

The PSNI declined to answer a freedom of information inquiry on how many attacks it may have been subjected to, saying the cost would be prohibitive.

The Northern Health and Social Care Trust initially declined to say how many incidents it had suffered, but eventually said there had been no “successful” cyber attacks. However, it declined to say how many “attempted” attacks it has been subjected to, saying such information could be used to help access “information relating to the medical and social care of patients”.

The Causeway Coast and Glens Borough Council said it faces “an average of 80 hacking attempts every 24 hours ... none to date have been successful”.