‘Malicious Activity’ Hits the University of Cambridge’s Medical School

The University of Cambridge is constantly ranked among the world’s top universities, with its medical school and vast research facilities among the very best. But for the last month, staff at the prestigious medical school have had work hampered following “malicious activity” on its computer network.

An emailed “staff notice” seen by WIRED, believed to have been sent at the end of February, alerted staff to the disruption and said the university was working to get systems back online as soon as possible. However, weeks later, the incident is still ongoing, and little information has been made public about the nature of the incident.

“IT services provided by the Clinical School Computing Service (CSCS) have been disrupted by malicious activity,” the email reviewed by WIRED says. “We appreciate that some staff and students are experiencing significant disruption to their work and studies, and we are grateful for their patience and understanding.”

The University has confirmed to WIRED that its systems have been impacted; that some services have been voluntarily taken offline; and while it has “contained” the incident, the disruption is ongoing and its investigations will likely take some time to complete. No data has been taken, it says. The UK’s national cybersecurity body and the country’s data regulator are both also looking into the events

The email message sent to staff last month said a “Critical Incident Management Team” has been set up to handle the response. At the time the message was sent, the email said, there was no access to the local IT network and Wi-Fi, and wired internet access had been turned off in impacted buildings, with the Wi-Fi set to be turned on against that same day.

The CSCS provides IT support to staff and researchers in the university’s School of Clinical Medicine. An archived version of its website says there are more than 5,800 devices on its network, and the team provides computers and servers to staff. The email seen by WIRED says that the CSCS also serves the Department of Zoology, Sainsbury Laboratory, which researches plant life; the Stem Cell Institute; and Milner Institute of the School of Biological Sciences, which researches emerging therapies. All have been impacted.

A University of Cambridge spokesperson confirmed the incident to WIRED, saying that “malicious activity” was found on the Clinical School Computing Service last month. “We took immediate action to contain the incident including voluntarily taking some systems offline,” the spokesperson says in a statement. “As a result, there is ongoing interruption to some services.”

It is not clear what the “malicious activity” entails or whether the activity is an attack by criminal hackers or an incident of a different nature. Multiple staff members at university departments did not respond to questions sent by WIRED about whether their work or research had been disrupted or they directed questions to the press office as they are not authorized to speak about the incident.

The University spokesperson did not describe the nature of the problem; however, they said a business continuity plan has been implemented to minimize disruption, and all of the other university and college IT systems are working as normal and are not impacted. “This will likely take some time to complete,” the spokesperson says of its ongoing investigation. “Investigations have found no evidence that data has been taken or transferred without authorisation. We have also received third-party assurance that the incident is contained.” They say the situation has moved on since the email seen by WIRED was sent, and it is not possible to characterize the level of disruption across all departments.