FOI Request
- Disclosure ID
- FOI/03358
- Request Date
- October 14, 2019
- Subject
- Ransomware 31/10/19
- Description
1. In the last 5 years, how many times has your trust/hospital suffered from a ransomware attack? Please provide specific dates (months/years) if possible.
2. How much downtime did this cause (in hours)?
3. Did you pay the ransom? If so, how much was the ransom?
4. What was the total cost of the incident to your hospital/trust?
- Response
If disclosed, this information could be used to identify ways of breaching our Trust’s IT security measures, which would thereby put us at increased risk of cyber-attack. This would potentially put invaluable patient and staff data at risk, which the Trust has a legal duty to protect under the Data Protection Act, and other confidential data which is essential to the running of Trust services.
The disclosure of information which may undermine the integrity of our IT systems, and NHS IT systems on a national scale, is exempt under Section 24. The disclosure of information which would make our Trust more vulnerable to crime is exempt under Section 31, as releasing the requested information may prejudice our ability to prevent cyber-crime targeting our systems.
These are qualified exemptions; the public interest in withholding information must outweigh the public interest in disclosure. It is the opinion of the Trust that the public interest in protecting the integrity of our information and ensuring our ability to provide healthcare services justifies the application of these exemptions.
The information in this response is provided under the terms of the Open Government Licence. Please see here for more information:
http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/