Cyber attack: NHS
Experts say failure to upgrade meant hospitals were vulnerable Boss scrambling to restore IT systems after wave of hacks
Non-emergency patients were told to stay away, while Nissan was also hit.
Lanarkshire NHS was the worst hit board. At Hairmyres hospital in East Kilbride, patients were turned away as they went in to A&E – while others received minimal treatment.
Signs outside the unit warned patients not to book in unless they had “a very serious illness or injury.” Dr Helen Mackie, chief of medical services at the hospital, urged patients to take their medication with them, warning doctors could have problems accessing their records.
Elsewhere, Dr Emma Fardon, a GP in Dundee, said the attack had had a “massively disruptive effect”.
She said: “We can’t access any patients’ records. Everything is fully computerised.”
In total, 45 NHS organisations in England and Scotland were disrupted – while the huge Nissan plant in Sunderland was among firms hit. Questions are now being asked over the use of old computer systems and the failure of some health boards to implement a vital security update issued by Microsoft in March.
NHS Fife admitted the fix had not yet been applied – despite Microsoft bosses labelling it “critical” – while NHS Lanarkshire was unable to say. NHS Grampian could only say it had been applied to “the majority” of servers.
Meanwhile, NHS Highland, NHS Ayrshire and Arran, NHS Glasgow and NHS Western Isles all said some of their computers still used the vulnerable 15-year-old Windows XP operating system.
They said an emergency security update had been issued by Microsoft and was being deployed.
Health boards have faced numerous computer blackmail attempts in recent years, with NHS Greater Glasgow and Clyde alone hit with three ransomware attacks last year.
In the vast majority of cases, NHS staff did not hand over money to unlock their files. Instead, the computer was broken down and rebuilt by IT staff.
Professor Buchanan, from Napier University, said early signs indicated the massive hack had been able to cripple NHS computers due to the f a i l u re to implement Microsoft’s update – as well as a vulnerable gap in an NHS firewall.
He insisted any failure to apply Microsoft’s fix was “negligence” if it had been the cause.
“It looks like that was the way that the ransomware got in.
“Companies have had about four or five weeks to patch and it obviously hasn’t happened in many cases. You need to be doing that in a few days – especially with something like the NHS.”
Scottish Health Secretary Shona