Cybersecurity · Information operations · Information Warfare

UK: NHS cyber-attack: GPs and hospitals hit by ransomware

This could easily be fatal for affected patients. 

This is critically important.  Someone, be it a country state or gang, has graduated into the certified bad-guy category.  I am guaranteeing this is a Tier 1 criminal investigation.

This has moved beyond the digital realm into the physical world.  

Why someone does this is beyond criminal, it’s pathologically evil. 

</end editorial>

  • 16 minutes ago

Media captionDiverted patients and paper notes: A doctor describes the impact on his hospital

A major incident has been declared after NHS services across England and Scotland were hit by a large-scale cyber-attack.

Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.

The BBC understands up to 25 NHS organisations and some GP practices have been affected.

It comes amid reports of cyber-attacks affecting organisations worldwide.

A Downing Street Spokesman said Prime Minister Theresa May was being kept informed of the situation, while Health Secretary Jeremy Hunt is being briefed by the National Cyber Security Centre.

Follow developments live

Patient safety

Ambulances have been diverted and patients warned to avoid some A&E departments as a result of the attack.

NHS Digital said the ransomware attack was not “specifically targeted at the NHS” and was affecting other organisations.

A massive ransomware campaign appears to have attacked a number of organisations around the world.

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by those claiming to be affected.

NHS Digital said the attack was believed to be carried out by the malware variant Wanna Decryptor.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”


By Chris Baraniuk, BBC technology reporter

Software that locks a computer and demands payment before allowing access again – ransomware – is one of the world’s biggest growing cyber-threats.

It certainly looks like that is what has hit the NHS in this case – and one IT firm says 11 of its NHS customers have been affected.

Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin that looks similar to ransomware known as WannaCryptor or WCry.

There’s no indication of who is behind the attack yet, nor do we know exactly how it infected NHS systems.

But hospitals have been targeted with similar software before – it struck three US hospitals last year.

Among those affected are:

  • Watford General
  • Southport
  • Lancashire – Blackpool
  • Broomfield Hospital, Essex
  • Lister – Stevenage
  • East & North Hertfordshire
  • Leicester
  • Northwick Park (NW London)
  • Lincoln
  • St Bartholomew and Royal London
  • Aintree
  • Colchester General Hospital
  • Norfolk and Norwich
  • James Paget (Norfolk)
  • Queens Hospital, Burton
  • UHNM – Royal Stoke

‘Entire patient record’

Dr Chris Mimnagh, who works at a medical centre in Liverpool that has been affected, said the attack had made their job impossible.

“Our entire patient record is accessed through the computer, blood results, history, medicines.

“Most of our prescribing is done electronically – we don’t use the prescriptions unless the patient particularly chooses to want a piece of green paper.

“The rest of the time it’s sent direct to the pharmacy and of course, all that is not able to be accessed when we lose the clinical system.”

Dr Emma Fardon, a GP in Dundee, said she returned from house visits to find a message on the surgery’s computers asking for the money.

“We can’t access any patient records. Everything is fully computerised.

“We have no idea what drugs people are on or the allergies they have. We can’t access the appointments system.”

Non-urgent activity postponed

The East and North Hertfordshire NHS Trust says it is experiencing problems with computers and phone systems.

It has postponed all non-urgent activity and is asking people not to come to A&E at the Lister Hospital in Stevenage.

IT specialists are working to resolve the problem as quickly as possible, a statement from the trust says.

Some GP and dental practices have been affected in the NHS Dumfries and Galloway and NHS Forth Valley areas.

Both health boards said steps were being taken to minimise the risk of the problem spreading.

Also affected is Derbyshire Community Health Services NHS Trust, which says it has shut down all of its IT systems following a “secure system attack”.

A GP from a surgery in York said: “We received a call from York CCG [Clinical Commissioning Group] around an hour ago telling us to switch off all of our computers immediately.

“We have since remained open, and are dealing with things that can be dealt with in the meanwhile.”

Meanwhile, Blackpool Hospitals NHS Trust has asked people not to attend A&E unless it was an emergency because of computer issues.

But the NHS in Wales said it had a separate IT system and had not been affected by the cyber-attack.