International ransomware cyber attack paralyses many NHS Computers

A major incident has been declared after NHS services across England and Scotland were hit by a large-scale cyber-attack.

Staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.

It is reported taht up to 40 NHS organisations and some GP practices have been affected.

It comes amid reports of cyber-attacks affecting organisations worldwide.

Ambulances have been diverted and there has been disruption at some GP surgeries as a result of the attack.

NHS England said patients in an emergency should go to A&E or access emergency services as they normally would.

Dr Anne Rainsberry, NHS incident director, added: “More widely, we ask people to use the NHS wisely while we deal with this major incident, which is still ongoing.”

Prime Minister Theresa May is being kept informed of the situation, while Health Secretary Jeremy Hunt is being briefed by the National Cyber Security Centre.

NHS Digital said the ransomware attack was not “specifically targeted at the NHS” and was affecting other organisations.

A massive ransomware campaign appears to have attacked a number of organisations around the world.

Screenshots of a well known program that locks computers and demands a payment in Bitcoin have been shared online by those claiming to be affected.

The NHS in Wales and Northern Ireland has not been affected.

NHS Digital said the attack was believed to be carried out by the malware variant Wanna Decryptor.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

By Chris Baraniuk, BBC technology reporter

Software that locks a computer and demands payment before allowing access again – ransomware – is one of the world’s biggest growing cyber-threats.

It certainly looks like that is what has hit the NHS in this case – and one IT firm says 11 of its NHS customers have been affected.

Screenshots shared online purportedly from NHS staff, show a program demanding £230 ($300) in Bitcoin that looks similar to ransomware known as WannaCryptor or WCry.

There’s no indication of who is behind the attack yet, nor do we know exactly how it infected NHS systems.

But hospitals have been targeted with similar software before – it struck three US hospitals last year.

Among those affected are:

• Aintree
• Blackpool, Lancashire – asked people not to attend A&E unless it was an emergency
• Broomfield Hospital, Essex
• Colchester General Hospital
• Derbyshire – shut down all IT systems
• Hertfordshire (East & North) – experiencing problems with computers and phone systems
• James Paget (Great Yarmouth)
• Lanarkshire – closed down its non-essential IT network and urged patients only to attend A&E in an emergency
• Leicester
• Lincoln
• Lister, Stevenage – postponed all non-urgent activity and asking people not to come to A&E
• Northwick Park (NW London)
• Queens Hospital, Burton
• Royal Berkshire – phone lines may have problems but patient care remains unaffected
• Southport
• St Bartholomew and Royal London
• UHNM – Royal Stoke
• Watford General

‘Entire patient record’
Dr Chris Mimnagh, who works at a medical centre in Liverpool that has been affected, said the attack had made their job impossible.

“Our entire patient record is accessed through the computer, blood results, history, medicines.

“Most of our prescribing is done electronically – we don’t use the prescriptions unless the patient particularly chooses to want a piece of green paper.

“The rest of the time it’s sent direct to the pharmacy and of course, all that is not able to be accessed when we lose the clinical system.”

Dr Emma Fardon, a GP in Dundee, said she returned from house visits to find a message on the surgery’s computers asking for the money.

“We can’t access any patient records. Everything is fully computerised.

“We have no idea what drugs people are on or the allergies they have. We can’t access the appointments system.”

Dr Afzal Ashraf, an expert on cyber-security who has previously worked as an adviser to the government, told the BBC it was likely that the malware was spreading when NHS services shared documents and information.

But he also said he thought it was unlikely the attackers had deliberately targeted the NHS.

He added: “I think they probably attacked a small company assuming they would get a small amount of money but it’s got into the NHS system and now they have the full power of the state against them – because obviously the government cannot afford for this sort of thing to happen and be successful.”

Several Spanish firms including telecom giant Telefonica have also been targeted in cyber attacks

Portugal Telecom were also targeted.

The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency.

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems.

Many computers using the Windows XP operating system are still in use within the NHS.

Source: bbc.co.uk