CYBER HACKERS CRIPPLE THE NHS
Hospitals held to ransom ++ Operations cancelled ++ Patients turned away from A&E ++ But why WERE warnings ignored?
HOSPITALS across Britain were paralysed last night after cyber hackers held the NHS to ransom in an unprecedented global attack.
Countless operations were cancelled and patients were turned away as almost 40 hospital trusts and hundreds of GP surgeries were locked out of their computer systems.
NHS staff pleaded with patients to stay away from A&E except in an emergency, and ambulances were diverted away from hospitals struggling to cope.
Amid a huge row over cyber security flaws in the NHS, Theresa May was forced to reassure the public that their patient records had not been compromised.
As a massive hunt began for the hackers and the NHS declared a ‘major incident’:
The hack reportedly hit up to 74 countries, but the NHS is thought to have been the biggest institution affected;
NHS computers, MRI machines and telephones were switched off to stop the attack spreading;
Staff described computers going down ‘one by one’ in extraordinary scenes;
Doctors were forced to resort to using pen and paper, while patients told of their agony at having operations cancelled;
Police sources said the attack bore the hallmarks of a co-ordinated Eastern European or Russian gang operation;
Experts said they had been warning about an attack on the NHS for months;
It was claimed the hackers may have
taken advantage of a chink in the armour of the Microsoft system revealed by a WikiLeaks dump of CIA documents.
The ‘Wanna Decryptor’ virus, spread via email in what experts called a ‘highly co-ordinated and aggressive’ attack, locked staff out of their terminals and demanded $300 (£230) worth of the virtual currency bitcoins to release the files on each employee account.
Microsoft had apparently launched a defence patch against the virus in March, but experts said few hospitals had updated their systems.
Last night it was suggested a hacking group known as Shadow Brokers was partly responsible.
The group, which has links to Russia, is reported to have stolen US National Security Agency cyber tools which are designed to access Microsoft Windows systems, before putting the technology on a website – opening the door to crimi- nals. The Prime Minister insisted the ransomware hit was ‘not targeted’ at the health service but was part of a wider assault.
She added: ‘The National Cyber Security Centre is working closely with NHS Digital to ensure that they support the organisations concerned and that they protect patient safety.’ Mrs May stressed it was unlikely the hackers could access private patient data. But the virus is thought to have locked doctors out of patient records, test results and X-ray scans.
The hackers said the ransom will double if it is not paid within three days and the data will be deleted if it is not paid within a week.
A note which appeared on computers throughout the afternoon said: ‘Ooops, your files have been encrypted! Maybe you are looking for a way to recover your files, but do not waste your time.’ As of 6.30pm yesterday, at least 37 NHS trusts in England had been affected. Hospitals in London, Blackpool and Colchester are thought to have been the worst hit – but last night the virus spread over the border into Scotland. If all of the NHS’s 1.4 million employees were affected, the health service would have to hand over £326 million to unlock the scrambled data. Security sources said the Government would not pay a ransom. A spokesman at Barts NHS Health Trust, which runs five hospitals in London, said: ‘We have activated our major incident plan to make sure we can maintain the safety and welfare of patients.’ London registrar Dr Krishna Chinthapalli said it was the worst attack of its kind ever seen.
Just 24 hours before the attack, Dr Chinthapalli wrote in a British Medical Journal paper that the NHS was ill-prepared for a cyber attack – warning that nine out of ten NHS trusts ran an ‘obsolete’ version of Windows. He wrote: ‘We should be prepared – more hospitals will almost certainly be shut down by ransomware this year.’
Brian Lord, the former deputy director of GCHQ Cyber and Intelligence, said the attack had been ‘inevitable’ because firms were ‘neglecting basic cyber hygiene’.
A spokesman for NHS Digital said: ‘At this stage we do not have any evidence that patient data has been accessed. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.’
Experts have been warning for months that the NHS was at risk. Gordon Morrison, director of government relations at Intel Security, warned last November that many NHS hospitals used ‘antiquated’ computer equipment which did not have the latest security programmes.
Last year an investigation revealed that seven NHS trusts, serving more than two million people, spent nothing on cyber security throughout the whole of 2015.
Sky News, working with security experts, uncovered misconfigured email servers, outdated software and security certificates. It also found NHS trusts’ emails and passwords were available through public searches.
In a similar attack, Wichita Heart Hospital in Kansas last year agreed to pay the hackers’ fine, but instead of unlocking all of the information, they released only part of it and tried to extort more cash. The hospital refused, and has been left permanently locked out of some data.