NHS forced to delay treatments after cyber attacks on a global scale

PA
Updated

The NHS is facing a weekend of chaos after a debilitating cyber attack prompted hospitals to cancel and delay treatment for patients across the country.

At least 30 health service organisations in England and Scotland were infiltrated by the ransomware, while many others shut down servers as a precautionary measure, bringing added disruption.

It leaves hospitals and GP surgeries with a backlog of postponed appointments to contend with, including operations, once the crisis is brought under control.

The National Cyber Security Centre (NCSC) said it was part of a set of global cyber attacks against "thousands of organisations and individuals in dozens of countries" as it launched a major operation in response.

As the scale of the security breach became clear on Friday afternoon, ambulances were diverted and patients told to avoid some A&E departments.

Staff reverted to pen and paper and used their own mobiles after key systems were affected, including telephones.

Theresa May said the Government is not aware of any evidence that patient records had been compromised.

Mrs May said: "This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected.

"And, we are not aware of any evidence that patient data has been compromised.

"Of course it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected."

Pictures posted on social media showed screens of NHS computers with images demanding payment of 300 US dollars worth of the online currency Bitcoin, threatening to delete files within seven days.

A malware called Wanna Decryptor was used in the attack, which encrypts files on a user's computer, blocking them from view.

The virus is usually covertly installed on to computers by hiding within innocent-looking emails containing links, which users are tricked into opening.

Security chiefs and ministers have repeatedly highlighted the threat to Britain's critical infrastructure and economy from cyber attacks.

A spokesman for NHS Digital, which manages health service cyber security, said: "At this stage, we do not have any evidence that patient data has been accessed."

In Russia, the Interior Ministry said around 1,000 computers were hit by a cyber attack.

Several companies in Spain were also crippled by ransomware attacks.

Telecoms firm Telefonica was one of those reporting problems, along with courier firm FedEx.

A total of 19 English health organisations reported problems, including hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire.

United Lincolnshire Hospitals NHS Trust said it was forced to cancel all outpatient, endoscopy, cardiology and radiology weekend appointments across its three hospitals.

In Scotland, 11 geographical health boards, including the ambulance service and acute hospital sites, saw their IT networks infected.

At least one health trust found itself named as a victim of the cyber attack despite actually suffering from an unrelated server problem.

First Minister Nicola Sturgeon has chaired a resilience meeting on the issue.

Last year, the Government established the NCSC to spearhead the country's defences.

In the three months after the centre was launched, there were 188 "high-level" attacks as well as countless lower-level incidents.

Chancellor Philip Hammond disclosed in February that the NCSC had blocked 34,550 potential attacks targeting UK Government departments and members of the public in six months.

Advertisement