NHS cyber-attack: GPs and hospitals hit by ransomware

Media captionThe ransomware involved has been defeated before, reports the BBC’s Chris Foxx

NHS services across England and Scotland have been hit by a large-scale cyber-attack, which is being treated as a major incident.

The prime minister said the incident was part of a wider attack affecting organisations around the world.

Some hospitals and GPs cannot access patient data, after their computers were locked by a malicious program demanding a payment worth £230.

There is no evidence patient data has been compromised, NHS Digital has said.

The BBC understands up to 39 NHS organisations and some GP practices have been affected.

Theresa May said that the National Cyber Security Centre (NCSC) was “working closely” with the NHS but agreed that there was no evidence patient data had been compromised.

“We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack,” she said.

The PM added: “The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety.”

Emergency services

Ambulances have been diverted and there has been disruption at some GP surgeries as a result of the attack.

NHS England said patients in an emergency should go to A&E or access emergency services as they normally would.

Dr Anne Rainsberry, NHS incident director, added: “More widely, we ask people to use the NHS wisely while we deal with this major incident, which is still ongoing.”

Follow developments live

Explaining the global malware outbreak

Media captionNHS cyber attack: ‘My heart surgery was cancelled’

NHS Digital said the ransomware attack was not “specifically targeted at the NHS” and was affecting other organisations.

A massive ransomware campaign appears to have attacked a number of organisations around the world, with reports of infections in more than 70 countries.

Telefonica, the Spanish telecoms company which owns mobile network O2, said it had detected a “cybersecurity incident” but that clients and services had not been affected.

Screenshots of a well known program that locks computers and demands a payment in the virtual currency Bitcoin have been shared online by those affected.

The NHS in Wales and Northern Ireland has not been affected.

NHS Digital said the attack was believed to be carried out by the malware variant Wanna Decryptor.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”


Analysis

Media captionWhat is ransomware?

By Chris Baraniuk, BBC technology reporter

Software that locks a computer and demands payment before allowing access again – ransomware – is one of the world’s biggest growing cyber-threats.

It certainly looks like that is what has hit the NHS in this case – and one IT firm says 11 of its NHS customers have been affected.

Screenshots shared online purportedly from NHS staff, show a program demanding £230 ($300) in the virtual currency Bitcoin of ransomware known as WannaCryptor or WCry.

There’s no indication of who is behind the attack yet, nor do we know exactly how it infected NHS systems.

But hospitals have been targeted with similar software before – it struck three US hospitals last year.


Among those affected are:

  • Alnwick, Berwick, Hexham, Haltwhistle (Northumbria)
  • Birmingham Community Healthcare
  • Blackpool, Lancashire – asked people not to attend A&E unless it was an emergency
  • Broomfield and Colchester General (Essex)
  • Derbyshire – shut down all IT systems
  • Forth Valley, Falkirk – a small number of GP and dental practices have had IT disrupted
  • George Eliot (Warwickshire)
  • Hampshire – says cyber-attack is affecting some services
  • Hertfordshire (East & North) – experiencing problems with computers and phone systems
  • Hull and East Yorkshire
  • James Paget (Great Yarmouth) – cancelled all operations and clinic appointments for the weekend
  • Lanarkshire – closed down its non-essential IT network and urged patients only to attend A&E in an emergency
  • Lincoln County, Pilgrim and Grantham hospitals (Lincolnshire) – switched off IT systems and many phone lines within hospitals
  • Lister, Stevenage – postponed all non-urgent activity and asking people not to come to A&E
  • Northwick Park (NW London)
  • Queens Hospital, Burton
  • Royal Berkshire – phone lines may have problems but patient care remains unaffected
  • Southport (Merseyside) – urging people not to attend outpatient appointments this weekend and re-arrange on Monday
  • Staffordshire and Stoke-on-Trent – told patients only to go to A&E if it is life-threatening
  • St Bartholomew and Royal London
  • UHNM – Royal Stoke
  • Watford General (West Hertfordshire)
  • Yorkshire Teaching Hospitals

‘Entire patient record’

Dr Chris Mimnagh, who works at a medical centre in Liverpool that has been affected, said the attack had made their job impossible.

“Our entire patient record is accessed through the computer, blood results, history, medicines.

“Most of our prescribing is done electronically – we don’t use the prescriptions unless the patient particularly chooses to want a piece of green paper.

“The rest of the time it’s sent direct to the pharmacy and of course, all that is not able to be accessed when we lose the clinical system.”

Media captionDiverted patients and paper notes: A doctor describes the impact on his hospital

Dr Emma Fardon, a GP in Dundee, said she returned from house visits to find a message on the surgery’s computers asking for the money.

“We can’t access any patient records. Everything is fully computerised.

“We have no idea what drugs people are on or the allergies they have. We can’t access the appointments system.”

Media captionNHS chief Saffron Cordery tells PM that hospitals are cancelling their operations

Dr Afzal Ashraf, an expert on cyber-security who has previously worked as an adviser to the government, told the BBC it was likely that the malware was spreading when NHS services shared documents and information.

But he also said he thought it was unlikely the attackers had deliberately targeted the NHS.

He added: “I think they probably attacked a small company assuming they would get a small amount of money but it’s got into the NHS system and now they have the full power of the state against them – because obviously the government cannot afford for this sort of thing to happen and be successful.”

Get news from the BBC in your inbox, each weekday morning

Are you a staff or a patient in the NHS? Have you been affected by this? If you are willing to do so, share with us by emailing .

Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:

NHS cyber-attack: GPs and hospitals hit by ransomware