The incident currently appears to be limited to the BHA's internal systems and data.
The British Horseracing Authority (BHA) is investigating what it described as an "IT incident.”
According the Racing Post, the incident had not affected the delivery of race meetings, which would continue to take place as normal, but has led to staff working remotely while the incident is being investigated.
It is understood the incident currently appears to be limited to the BHA's internal systems and data. The BHA is responsible for the governance, administration and regulation of horse racing in the UK and is headquartered in central London.
IT Incident
A spokesperson for the BHA said: "We recently identified and began investigating an IT incident. We are working at pace with external specialists to determine what happened in more detail and safely restore our systems.
"The delivery of racedays has continued as normal and will continue to do so. We have informed our colleagues, core industry stakeholders and law enforcement."
Javvad Malik, lead security awareness advocate at KnowBe4, said: “The ransomware attack on the BHA serves as a reminder that no sector or size of organisation is immune to cyber threats.
“The BHA's swift response, involving external specialists and maintaining race day operations, demonstrates commendable crisis management. However, this incident underscores the critical need for proactive cybersecurity measures.”
Proactive Approach
Brian Higgins, security specialist at Comparitech, said: "It’s early days for this attack but it looks like the BHA have taken a proactive approach and are following a decent Incident Response playbook.
“As the investigation progresses, the BHA will undoubtedly keep all affected stakeholders informed of vulnerabilities and mitigation measures and any concerned parties should look directly to them for information and advice."
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
