NHS hospitals hit by cyber attack spreading across England

NHS

NHS

Computers have been shut down across the country after NHS computers across the county were hit by a cyber attack.

The attack is said to be a ‘national’ problem although it is not yet clear how it has affected our area yet.

Dr Tony Naughton, the chief clinical officer at Fylde and Wyre CCG, described the problem as ‘national’, while East and North Hertfordshire NHS Trust said it believed it had been hit by a ‘cyber attack’ and had suspended all non-urgent activity.

Tech experts are now battling to fix the problem, but computers at walk-in centres, hospitals, and at GP surgeries have been taken offline. Patients have been urged to avoid them all ‘unless absolutely necessary’, and should call 111 for triage and medical advice.

East and North Hertfordshire NHS trust, one of the those affected, said in a statement: “Today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

A statement from NHS Digital said: “A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.

“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

“At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.

“As at 15.30, 16 NHS organisations had reported that they were affected by this issue.”

The NHS is under increasing attack from cyber blackmailers attempting to extort ransoms from dozens of hospitals using internet viruses which encrypt data.

Health service trusts serving millions of patients have been hit by the “ransomware” attacks in the past 12 months, prompting concern that antiquated IT systems are leaving NHS data such as patient records vulnerable to exploitation by criminals.

The rise of ransomware was last week highlighted by Europol, the EU’s law enforcement body, as the “dominant threat” to public and private organisations across Europe as organised crime groups deploy an increasingly sophisticated arsenal of viruses.

“NHS trusts are being increasingly targeted and any loss of patient data would be a nightmare scenario. Like everyone else, they need to be applying robust controls.”

Ransomware works by implanting a piece of software, often sent disguised in an email, which then turns data on a machine or network into encrypted gobbledygook. The senders then demand a ransom, paid in an untraceable cyber currency such as BitCoin, which averages £350 to £700 but can reach into thousands. According to one estimate, the extortion racket is worth some £300m a year.

NHS Digital, the body which oversees cybersecurity for the health service, acknowledged an increase in attacks but said that no ransom was paid in any of the “rare” serious ransomware incidents reported to it and that no data was lost. It said patient records had not been affected, adding that the NHS was one of myriad organisations being targeted by the attacks.