NHS Trust are a prime target for ransomware scams due in part to the antiquated IT in use, according to a series of Freedom of Information requests.
Endpoint security firm Sentinel One filed a series of FOI requests with NHS trusts across the country and found that 30 per cent have been subject to ransomware attacks.
One of them, Imperial College Healthcare NHS Trust, admitted that it had been attacked 19 times in just 12 months.
SentinelOne also found that NHS trusts were often their own worst enemy, with many running out-of-date anti-virus software and presumably, therefore, were lackadaisical in terms of other aspects of their IT security.
Most trusts, with two exceptions, reported that they have some kind of anti-virus protection on their endpoints, but that has not stopped bad traffic getting through.
The FOI requests found that 87 per cent of attacks came via a networked NHS device and that 80 per cent were down to phished staffers. However, only a small proportion of the 100 or so Trusts responded to this part of the requests.
"These results are far from surprising. Public sector organisations make a soft target for fraudsters because budget and resource shortages frequently leave hospitals short-changed when it comes to security basics like regular software patching," said Tony Rowan, chief security consultant at SentinelOne.
"The results highlight the fact that old school anti-virus technology is powerless to halt virulent, mutating forms of malware like ransomware and a new more dynamic approach to endpoint protection is needed.
"In the past, NHS trusts have been singled out by the ICO for their poor record on data breaches and with the growth of connected devices like kidney dialysis machines and heart monitors there is even a chance that poor security practices could put lives at risk."
Many of the trusts said that they were able to identify their attackers, while others blamed faceless hackers.
The findings come a few days after the UK's biggest NHS Trust, Barts Health, said it had hit by a ransomware attack, possibly via its ancient Windows XP PC estate.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere