HACKERS IN CYBER ATTACK ON SCOTS NHS
Patients turned away as hospitals and GPs’ surgeries held to ransom by criminal gang
SCOTTISH hospitals and GP surgeries were under cyber attack last night after hackers held the NHS to ransom. Countless routine operations were cancelled and patients turned away as more than 40 hospital trusts and boards across Scotland and England – along with hundreds of local doctors’ surgeries – were locked out of their own computer systems in an unprecedented global attack.
Desperate NHS staff pleaded with patients to stay away from A&E except in an emergency, while ambulances were diverted away from hospitals struggling to cope with the crisis. Amid a huge row
over cyber security flaws in the NHS’s IT systems, Theresa May was forced to reassure patients.
As a global hunt began for the hackers and the NHS declared a ‘major incident’:
NHS computers, MRI machines and telephones were switched off to stop the spread of the attack;
Staff described computers going down ‘one by one’ across the NHS;
Patients told of their agony at having operations cancelled;
Police sources said the attack bore the hallmarks of a co-ordinated Eastern European or Russian gang operation;
There were claims hackers may have taken advantage of a chink in the armour of the Microsoft system revealed by a Wikileaks dump of CIA documents;
Experts said they had been warning for months of the risk of attack;
The hack is thought to have hit 12 countries across Asia and Europe – but the NHS is thought to have been the biggest institution affected;
The ‘Wanna Decryptor’ virus, spread via email, locked staff out of terminals and demanded $300 (£230) to release the files on each employee account.
Microsoft had apparently launched a defence ‘patch’ against the virus in March but experts claimed few hospitals updated their systems.
Last night, the Prime Minister insisted the ransomware hit was ‘not targeted’ at the health service but was part of a wider assault, adding: ‘The National Cyber Security Centre is working closely with NHS Digital to ensure they sup- port the organisations concerned and protect patient safety.’
Mrs May stressed it was unlikely that the hackers could access private patient data. But the virus is thought to have locked doctors out of patient records, test results and X-ray scans – and phones are thought to have been affected.
In some hospitals MRI scanners – mostly connected to the internet – were turned off as a precaution.
The hackers said the ransom would double if not paid within three days and the data would be deleted if not paid within a week.
At least eight NHS boards in Scotland – more than half the total of 14 – and 36 NHS trusts in England were affected. The impact varied from area to area.
Police sources said it was typical of tactics used by Eastern European and Russian gangs.
The ransom note, which appeared on computers throughout the afternoon, said: ‘Ooops, your files have been encrypted!
‘Maybe you are looking for a way to recover your files, but do not waste your time.’ It is not clear how many computers were affected but if every one of the NHS’s 1.4million staff were infected it would have to hand over more than £320million.
Security sources said the Government would not pay a ransom.
In the most dramatic development in Scotland, NHS Lanarkshire said ‘the public should stay away from Lanarkshire A&Es unless it is a genuine emergency needing immediate treatment’.
The board shut down non-essential, networked IT systems temporarily and officials said they were unable to access some patients’ medical histories.
They advised anyone visiting hospitals in Lanarkshire today or tomorrow to take along all medication and a list of pills. Some outpatient appointments for today have been axed and staff are contacting those affected.
In the rest of the country, several GP surgeries were hit, including four in Glasgow, and a ‘small number’ of practices and dental surgeries in the Forth Valley.
NHS Tayside said ten GP practices not using an NHS Tayside IT system were affected. NHS Dumfries and Galloway said the Waverley Medical Centre in Stranraer, Wigtownshire, was hit. Nurse appointments were cancelled. In total, three GP surgeries were affected in Dumfries and Galloway. The problems did not shut practices or compromise the safety of patient data. Other boards hit include NHS Fife, NHS Western Isles and NHS Borders.
Health Secretary Shona Robison said: ‘Scottish Government health officials are working closely with affected boards to assess the extent of the problem.’
Brian Lord, former deputy director of GCHQ Cyber and Intelligence, said: ‘Something like this was always inevitable. [Organisations] are neglecting basic cyber hygiene measures which can prevent the mass effectiveness of mass ransomware attacks.’
‘Public should stay away from A&Es’ ‘This was always inevitable’