NHS hospitals plunged into chaos by major cyber attack

The NHS has been hit by a major cyber attack on its computer systems (PA)

David Wilcock, Jack Hardy and Hilary Duncanson

May 12 2017 06:35 PM

NHS hospitals have been forced to divert emergency ambulances and cancel operations after their computer systems were hit by a massive cyber attack.

Hospitals and GP surgeries in England and Scotland were among 16 health service organisations hit by a ransomware attack, using malware called Wanna Decryptor.

Staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.

Pictures posted on social media showed screens of NHS computers with images demanding payment of 300 US dollars worth of the online currency Bitcoin, threatening to delete files within seven days.

A spokesman for NHS Digital spokesman, which manages health service cyber security, said: "At this stage we do not have any evidence that patient data has been accessed.

"We will continue to work with affected organisations to confirm this."

He added the attack "was not specifically targeted at the NHS and is affecting organisations from across a range of sectors".

The attack came as several companies in Spain were hit by ransomware attacks. Telecoms firm Telefonica was one of those reporting problems.

English hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire were among those to report problems.

In Scotland NHS Greater Glasgow and Clyde, NHS Dumfries and Galloway and NHS Forth Valley said some of their GP surgeries have been caught up in the incident.

NHS Lanarkshire and NHS Western Isles also confirmed they have been affected.

First Minister Nicola Sturgeon is to chair a resilience meeting on the issue.

St Barts Health NHS Trust, which runs The Royal London, St Bartholomew's, Whipps Cross and Newham hospitals in London, said it had implemented its major incident plan to cope with disruption.

It was hit by a previous ransomware attack in January.

At the Royal London Hospital operations were cancelled and staff were ordered not to touch their computers.

Wheelchair-bound Richard harvey, 50, told how he was forced to leave his ward after a procedure on hip injuries sustained in a motorcycle accident three years ago was postponed.

Mr Harvey, who spent all day fasting ahead of surgery, told the Press Association a nurse told him at 4.50pm, adding: "I was very disappointed, I had been waiting all day.

"I was very nervous, I am quite a nervous person when it comes to things like this, I was quite disappointed and hungry.

"I would like them to come up a bit earlier and say it has been cancelled, I could have had something to drink a lot earlier."

A Barts spokesman said it was experiencing "major IT disruption" and delays at all four of its hospitals.

He added: "We are very sorry that we have to cancel routine appointments, and would ask members of the public to use other NHS services wherever possible.

"Ambulances are being diverted to neighbouring hospitals."

United Lincolnshire Hospitals NHS Trust said it was cancelling all outpatient, endoscopy, cardiology and radiology weekend appointments because of the attack, which had affected Lincoln County Hospital, Pilgrim Hospital and Grantham Hospital.

Mark Brassington, its chief operating officer, said: "We will be diverting some emergency cases to local hospitals which are not affected by the attack, where possible.

"We ask patients to only come to our A&Es if absolutely necessary.

Wanna Decryptor is a piece of malicious software that encrypts files on a user's computer, blocking them from view and threatening to delete them unless a payment is made.

The virus is usually covertly installed on to computers by being hidden within innocent-looking emails containing links, which users are tricked into opening.

Pictures on Twitter showed computers with messages saying: "Ooops, your files have been encrypted!"

"Maybe you are looking for a way to recover your files, but do not waste your time."

The National Cyber Security Centre (NCSC) said it was aware of a "cyber incident" and was working with NHS Digital and the National Crime Agency to investigate.

Security chiefs and ministers have repeatedly highlighted the threat to Britain's critical infrastructure and economy from cyber attacks.

Last year the Government established the NCSC to spearhead the country's defences.

In the three months after the centre was launched there were 188 "high-level" attacks as well as countless lower-level incidents.

Chancellor Philip Hammond disclosed in February that the NCSC had blocked 34,550 potential attacks targeting UK Government departments and members of the public in six months.