Hackers hold NHS to ransom
Doctors warn lives at risk as cyber attackers linked to Russia disable hospitals’ computer systems
THE NHS was thrown into chaos last night after hackers demanding a ransom infiltrated the health service’s antiquated computer system.
Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.
Medics described how computer screens were “wiped out one by one” by the attack, which had last night spread to companies worldwide, including in the US, China and Russia.
The NHS said there was no evidence that patients’ medical records had been accessed, but it was unable to say whether the hackers – who are threatening to delete information unless payment is received within a week – had the ability to destroy such records.
Experts at GCHQ’S national cyber security centre were helping NHS teams fight the attack. It has been declared a major incident, and has spread to Scotland, where crisis meetings were also being held last night.
There were suggestions that a computer hacking group known as Shadow Brokers was at least partly responsible. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria.
Microsoft said last night that it had provided free software to protect computers in March, raising questions about why the NHS was still vulnerable.
Cyber experts said the health service appeared susceptible to attack because many trusts were using obsolete systems, while others have failed to apply recent security updates which would have protected them. This week it was suggested that 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system. Security experts said that computers using operating software introduced before 2007 were particularly vulnerable, leaving many NHS systems at risk.
Others, using newer systems, may have failed to apply recent security updates, which would have protected them, experts said. The hack is thought to be part of a wider attack, which has affected the Spanish telecoms giant Telefonica, which also owns 02, where the same message was presented.
The ransomware attack was orchestrated using malware called Wanna Decryptor, which demands each user affected pay $300 (£232) in the internet currency Bitcoin, to have files restored. Thousands of NHS computers have been affected so the ransom could potentially cost taxpayers millions.
The attack was described by Theresa May as “intentional”.
The Prime Minister said: “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.
“The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety. And, we are not aware of any evidence that patient data has been compromised.” Intelligence sources said the attack appeared to have been carried out by criminals rather than a hostile state and the ransomware had rapidly spread through companies and organisations in Europe and the Middle East. Russia’s interior ministry said last night it had come under cyber attack. There were reports last night that Germany’s Deutsche Bahn railway network had been affected.
In the UK the only affected organisation appeared to be the NHS.
Patients awaiting heart surgery were among those who had operations cancelled, with doctors telling how staff were frantically ordering computers to be shut down. New parents were left stuck on wards with their newborns as administrative systems failed. Doctors at dozens of trusts resorted to pen and paper, with no access to medical records. Handwritten signs in the entrance of the Royal London’s A&E stated: “The emergency department has no IT facilities, there are significant delays.”
NHS trusts are supposed to regularly back up their files. But doctors and nurses were yesterday treating patients without access to their medical histories, or X-rays, blood tests and details such as allergies to medication.
It raises the possibility that recent changes to medical records – such as a cancer diagnosis, or the results of a
blood test – could be lost, if hackers delete the files.
The mysterious Shadow Brokers claimed last month it had stolen a “cyber weapon” from the NSA that gives unprecedented access to all computers using Microsoft Windows. The hacking tool had been developed by the NSA, to gain access to computers used by terrorists and enemy states.
A screen shot circulated by medical staff showed that users were alerted to their system being compromised by a flashing warning on screen which reads: “What happened to my computer?” and states that many documents, photos, videos and databases and other files are no longer accessible.
Warning “nobody can recover your files without our decryption service” it then demands payments of $300 – stating that the price will be doubled in three days.
An NHS spokesman said: “At this stage we do not have any evidence that patient data has been accessed.”
Colchester A&E was among several yesterday urging the public to stay away, unless in the most severe need tweeting: “Our A&E is open for critical or life-threatening situations requiring medical attention, such as loss of consciousness, heavy blood loss.”
At Lister Hospital in Stevenage, the telephone and computer system was fully disabled in an attempt to fend off the attack, with all non-urgent appointments and operations cancelled and patients told to keep away from A&E if at all possible.
The loss of computer systems meant The warning that appeared on the computers of NHS staff
doctors and nurses lost access to X-rays, blood test results and booking systems, rendering a normal day’s work impossible.
A worker at Colchester General Hospital described how her office’s computers were “wiped out, one by one”. ”
Dominic Marley, a hospital doctor in the Manchester area, said it would be a “miracle if no one comes to harm”.
Barts Health NHS Trust, which runs The Royal London, St Bartholomew’s, Whipps Cross and Newham hospitals in London, said it had implemented its major incident plan to cope with disruption.
Anthony Brett was about to have a stent put in his liver to treat his cancer when he was told the procedure could not happen.
The 50-year-old from Bow, east London, said: “To do it to the NHS that does so much good for people, it’s just disgusting. They should be hung, drawn and quartered.”