Two companies involved in building emergency hospitals for the coronavirus outbreak have been hit by cyberattacks.
Outsourcing giant Interserve, which recently supported the NHS in building Birmingham’s Nightingale Hospital, confirmed it had been the target of an attack earlier this month.
Construction firm BAM Construct UK has now also confirmed it has been the subject of a “significant cyberattack”.
Interserve holds crucial Government contracts for a range of services in prisons, schools and hospitals, while BAM Construct was involved in the construction of the Nightingale Hospital Yorkshire and the Humber in Harrogate.
BAM Construct said the incident had had no operational effect on the Nightingale hospital or any other of its construction schemes.
The incidents come after a joint advisory from the cybersecurity agencies in the UK and US warning that organisations linked to the response to Covid-19 were being targeted by cybercriminals.
Last week, the UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) said they believe criminals were targeting such organisations in the hope of gathering sensitive information related to the coronavirus outbreak.
In a statement, BAM Construct UK said: “We have stood up extremely well to a significant cyber-attack on our business, which forms part of the wave of attacks on public and private organisations supporting the national effort on Covid-19.
“Supplier and employee payments are being made and so it is, for our clients, subcontractors and our teams, pretty much business as usual.
“Our IT teams have closed access to a number of systems, including our website, as a precaution and we have alternative arrangements in place when necessary to ensure business continuity.
“Our own precautions have had more of an effect on our normal working procedures than the virus itself, but it is important for us to be absolutely confident that restoring all systems – at a time when we are working from home in unprecedented numbers – is done carefully.
“We have reported the attack to the authorities and, as everyone would after such an event, are taking the opportunity to learn from it to make any necessary changes to our systems for the future.”
Earlier on Wednesday, Interserve had confirmed its own cyberattack, confirming some of its services had could be impacted as a result.
“Interserve is working closely with the National Cyber Security Centre (NCSC) and Strategic Incident Response teams to investigate, contain and remedy the situation.
“This will take some time and some operational services may be affected,” the firm said.
“Interserve has informed the Information Commissioner (ICO) of the incident.
“We will provide further updates when appropriate.
“Interserve’s employees, former employees, clients and suppliers are requested to exercise heightened vigilance during this time.”
The ICO confirmed it was aware of the incident and that it would “assess the information provided”.
Responding to the initial attack on Interserve, an NCSC spokesperson said: “We are aware of an incident affecting Interserve Group Limited and are working closely with the company to understand its impact and advise on mitigation.”
The NCSC has not yet commented on the second incident.