NHS cyber-attack: GPs and hospitals hit by ransomware

  • Published
Media caption,

The ransomware involved has been defeated before, reports the BBC's Chris Foxx

NHS services across England and Scotland have been hit by a large-scale cyber-attack that has disrupted hospital and GP appointments.

The prime minister said the incident was part of an untargeted wider attack affecting organisations globally.

Some hospitals and GPs have been unable to access patient data, after their computers were locked by a ransomware program demanding a payment worth £230.

But there is no evidence patient data has been compromised, NHS Digital said.

The BBC understands about 40 NHS organisations and some GP practices have been hit. The NHS in Wales and Northern Ireland has not been affected.

There is no indication of who is behind the attack yet, but the hackers demanded their payment in the virtual currency Bitcoin, which is harder to trace.

Prime Minister Theresa May said: "This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected."

Ambulances diverted

Mrs May added that the National Cyber Security Centre (NCSC) was "working closely" with the NHS "to ensure that they support the organisations concerned and that they protect patient safety".

Ambulances have been diverted from hospitals in some areas and there has been disruption at some GP surgeries as a result of the attack.

NHS England said patients in an emergency should go to A&E or access emergency services as they normally would.

Dr Anne Rainsberry, NHS incident director, added: "More widely, we ask people to use the NHS wisely while we deal with this major incident, which is still ongoing."

Media caption,

Angry doctors, disappointed patients: Reactions to the cyber-attack on the NHS

A massive ransomware campaign appears to have attacked a number of organisations around the world, with reports of infections in more than 70 countries.

Telefonica, the Spanish telecoms company which owns mobile network O2, said it had detected a "cybersecurity incident" but that clients and services had not been affected.

Screenshots of a program that locks computers and demands a payment in Bitcoin have been shared online by those affected.

NHS Digital said the attack was believed to have been carried out by the malware variant Wanna Decryptor.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available," it said.

Why has the NHS been hit so hard?

Media caption,

Technology explained: what is ransomware?

There could be a lot of reasons why the NHS was hit so hard by this attack.

The most likely one is because it is a huge organisation supported by a massive IT infrastructure.

It also has lots of partners and suppliers that connect to its core network.

Complexity is the enemy of security and it is a fair bet that some bits of that network, especially those operated by suppliers, are not as well maintained as they should be.

This could mean that patches that would have thwarted WannaCry were not applied.

So, as soon as the worm got in, it could run rampant.

Dr Chris Mimnagh, who works at a medical centre in Liverpool, said the attack had made its job impossible.

"Our entire patient record is accessed through the computer - blood results, history, medicines.

"Most of our prescribing is done electronically... it's sent direct to the pharmacy and... all that is not able to be accessed when we lose the clinical system."

'Power of the state'

Dr Emma Fardon, a GP in Dundee, said she had returned from house visits to find a message on the surgery's computers asking for money.

"We can't access any patient records. Everything is fully computerised," she said.

"We have no idea what drugs people are on or the allergies they have. We can't access the appointments system."

Media caption,

NHS chief Saffron Cordery tells PM that hospitals are cancelling their operations

Dr Afzal Ashraf, an expert on cyber-security who has previously worked as an adviser to the government, told the BBC it was likely that the malware was spreading when NHS services shared documents and information.

But he also said he thought it was unlikely the attackers had deliberately targeted the NHS.

He added: "I think they probably attacked a small company assuming they would get a small amount of money but it's got into the NHS system and now they have the full power of the state against them - because obviously the government cannot afford for this sort of thing to happen and be successful."