| 7.5°C Dublin

Everything you need to know about the NHS cyber attack so far

Theresa May said the Government is not aware of any evidence that patient records have been compromised.


NHS hospitals have been forced to divert emergency ambulances and cancel operations after their computer systems were hit by a massive cyber attack.

Hospitals and GP surgeries in England and Scotland were among at least 16 health service organisations hit by a ransomware attack, using malware called Wanna Decryptor – with reports that potentially dozens more were affected.

Theresa May has said the Government is not aware of any evidence that patient records have been compromised. Here’s everything you need to know about the cyber attack.

Who has been affected?

English hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire were among those to report problems.

More than half of Scotland’s health boards have been affected by a large-scale cyber attack on NHS computer systems.

Scotland’s biggest health board, NHS Greater Glasgow and Clyde, as well as NHS Tayside, NHS Dumfries and Galloway and NHS Forth Valley confirmed that some of their GP surgeries had been caught up in the incident.

What about elsewhere in the world?


It was later confirmed that the cyber attack has hit almost every corner of the world – Tech firm F-Secure said it has received reports from more than 60 countries.

Several companies in Spain were hit by ransomware attacks, with telecoms firm Telefonica one of those reporting problems.

Megafon, a top Russian mobile operator, said it has come under cyber attacks that appeared similar to those that crippled UK hospitals.

Security experts from Kaspersky Lab and Avast Software say Russia was the hardest hit, followed by Ukraine and Taiwan.

What’s caused the attack?


The malware used is called Wanna Decryptor. It’s a piece of malicious software that encrypts files on a user’s computer, blocking them from view and threatening to delete them unless a payment is made.

The virus is usually covertly installed on to computers by being hidden within innocent-looking emails containing links, which users are tricked into opening. Expert Marco Cova has claimed it may derive from a tool known as EXTERNALBLUE which was developed by the US National Security Agency (NSA).

The tool was made public earlier this year when it was released as part of a “data dump” of NSA cyber tools by a group calling itself The Shadow Brokers.

What happened when the attack hit?


Staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, threatening to delete files within seven days.

A spokesman for NHS Digital, which manages health service cyber security, said: “At this stage, we do not have any evidence that patient data has been accessed.

“We will continue to work with affected organisations to confirm this.”


He added the attack “was not specifically targeted at the NHS and is affecting organisations from across a range of sectors”.

It is understood that several health trusts turned their computer systems off as a precautionary measure, rather than being shut down by the attack.


This has led to speculation that the total number of organisations crippled by the ransomware is not as high as some figures reported.

One health trust is believed to have been included among those hit by the malicious software – despite it actually suffering from a separate IT malfunction.

What did Theresa May say in response to the attack?


Theresa May said the Government is not aware of any evidence that patient records have been compromised in the massive cyber attack.

She also said the ransomware hit was “not targeted” at the health service but was part of a wider assault on organisations across a number of countries, and added that the National Cyber Security Centre (NCSC) is working to support the NHS.

May said: “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

“This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.

“The National Cyber Security Centre is working closely with NHS Digital to ensure that they support the organisations concerned and that they protect patient safety.

“And, we are not aware of any evidence that patient data has been compromised.

“Of course it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected.”

How has it affected hospital patients?


Outside the Royal London Hospital, wheelchair-bound patient Richard Harvey spoke of his disappointment as he wheeled himself home after waiting all day for a procedure that was eventually postponed.

The 50-year-old, who suffered injuries to his hip in a motorcycle accident three years ago, told the Press Association: “Originally I came here because my leg and pelvis kept opening, I was due today to have it washed out and stitched up again.

“I was actually in my bed most of the day, they prefer you not to get out of bed. I didn’t have a time. The operation could have come at any time.

“At ten to five I said to a nurse ‘this is a bit late for an operation’ and she said ‘there’s been a cyber attack’ and I said ‘well go and check’.

“She went away and came back and said that was it.”

Most Watched