NHS hospitals across England hit by large-scale cyber-attack

Published on: May 12th, 2017

Many hospitals having to divert emergency patients, with doctors reporting messages demanding money

Have you been affected by the NHS cyber-attack?

The NHS is investigating a cyber-attack on its systems. Photograph: @fendifille/Twitter/PA
Share on Facebook Share on Twitter Share via Email View more sharing options

Friday 12 May 2017 11.48 EDT First published on Friday 12 May 2017 10.15 EDT
Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients.

The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS Digital said it was aware of the problem and would release more details soon.

Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible.

NHS Digital said: “A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.

“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

According to reports, affected hospitals include those run by East and North Hertfordshire NHS trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust.

More reports of affected hospitals are continuing to stream in, as well as claims that GP surgeries are coming down with the virus, which demands a payment of $300 to release files it claims have been encrypted. The NHS has been unable to give a full list of the sites affected.

British law enforcement believes the attack is criminal in nature, as opposed to be a cyber attack by a foreign power, and is being treated as serious but without national security implications.

The National Crime Agency, which is Britain’s version of the FBI, was taking the lead in dealing with the investigation into the attack. Investigators believe the attack is significant with many computers affected across the country.

A spokesman for the National Cyber Security Centre said: “We are aware of a cyber incident and are working with NHS digital and the NCA to investigate.”

In a message to a Guardian reporter, one NHS IT worker said: “At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down.

“A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen. This followed with an internal major incident being declared and advised all trust staff to shut down all PCs in the trust and await further instructions.

“This is affecting the east of England and number of other trusts. This is the largest outage of this nature I’ve seen in the six years I’ve been employed with the NHS.”

Another NHS worker, who works at an Essex hospital but asked to remain anonymous, said: “We got some ransomware that came through on the computers at about 2pm. We were told to shut down, take out network cables and unplug the phones. A message came up for just one of our team about the fact that all the files would be wiped in two hours unless we gave $300 in bitcoins.”

She confirmed that the image that appeared on her colleague’s screen was the same as one that has already been circulated on Twitter, which says: “Ooops, your files have been encrypted!

“Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service.”

The screen tells users to send $300 worth of bitcoin to a bitcoin wallet address. It adds: “You only have three days to submit the payment. After that the price will be doubled. Also if you don’t pay in seven days, you won’t be able to recover your files forever.”

One person who appeared to be an NHS worker posted an image purportedly of the message that the virus was showing on affected computers.