NHS cyber chaos hits thousands of patients
THOUSANDS of operations and other appointments will be cancelled as NHS bosses admitted it will take several weeks to fix ageing computer systems hit by Friday’s cyber attack.
The NHS last night admitted vital equipment, such as MRI scanners and X-ray machines, have now been taken offline as they cannot be repaired immediately. Thousands of NHS staff are now bracing themselves for further problems when they arrive at work tomorrow and attempt to log on to their computer terminals.
Staff have been reduced to reverting to pen and paper and ferrying messages around hospital using runners, according to NHS England sources – despite ministers insisting things had returned to normal.
Senior sources told The Sunday Tele
graph that as many as “tens of thousands” of procedures could be “disrupted” and many thousands of appointments cancelled.
Senior British Medical Association sources said they did not recognise the picture painted by the Government.
Dr Mark Porter, the BMA council chairman, said the attack was “extremely worrying” and that a lack of investment in computer security may have left the NHS vulnerable.
In May 2015, the Government ended its annual £5.5million deal with Microsoft to provide ongoing security support for Windows XP.
Norman Lamb, the Liberal Democrats’ health spokesman and former minister, said: “This is potentially the worst NHS crisis for decades. It is going to take some time before the full scale of this becomes clear.”
NHS Digital admitted it would take several weeks to restore some key equipment, such as MRI scanners, which run on the affected Windows XP programme.
It said: “Some expensive hardware (such as MRI scanners) cannot be updated immediately, and in such instances organisations will take steps to mitigate any risk, such as by isolating the device from the main network.”
Some 48 health service organisations in England and Scotland – almost a fifth of the NHS – were infiltrated by Friday’s ransomware attack, leaving dozens of hospitals and GP surgeries with a backlog of appointments.
Last night the country’s biggest NHS trust said it had cancelled all non-urgent appointments yesterday and more would be cancelled today. Ambulances were being diverted to neighbouring hospitals and Barts – which serves 2.5 million people – had activated its major incident plan.
There were also questions over the failure of both Jeremy Hunt, the Health Secretary, and Simon Stevens, the NHS’s chief executive, to appear during the crisis. Instead the NHS’s director of operations, Anne Rainsberry, was left to explain its response.
Amber Rudd, the Home Secretary, insisted that the NHS was coping. Writing exclusively for The Sunday Tele
graph, she warns that Britain should be braced for future hacking attacks
on an even greater scale in the future. The cyber attack has now spread to more than 100 countries, including Germany, France, Spain, the US and China, infecting more than 130,000 IT systems.
British intelligence agencies were last night drawn into the international hunt for the masterminds behind the biggest cyber attack in history.
Security services said analysts from the three main spy agencies – MI5, MI6 and GCHQ – were being deployed in the search for those responsible.
Scotland Yard has been working round the clock to protect its own systems from attack after revealing it still has 10,000 computers running Windows XP.
The Government said that by yesterday afternoon of the 48 trusts which were affected, all bar six were now running a “normal service” and every A&E in England was operating as normal.
However, a senior NHS source admitted that there would still be cancellations of non-urgent operations at a number of trusts.
“This will still affect hundreds of people. There will be cancellations. This is not a good thing,” said the source. “But it is not a crisis. The NHS has coped.
“In more than 200 trusts engineers went in to ensure patches to counter this malware were put in place or were already in place.”
On top of any postponement to treatment trusts still face weeks of administrative delays as systems engineers get computers back online following the attack.
NHS England was last night refusing to say how many patients would be affected by delays over the coming days, but on any given day the health service deals with 31,000 non-emergency operations, 61,000 attendances at A&E, 750 people starting treatment for cancer and 8,600 emergency ambulance journeys.
Computer security experts said it could take weeks for the NHS to unlock or replace all the computer systems that were frozen by the virus.
It emerged last night at one in 20 of the NHS’s thousands of computers – five per cent of the total – are still fitted with the Windows XP programme susceptible to the virus used in Friday’s attack.
Sean Sullivan, security adviser to F-Secure, an international cyber security company, said: “This is going to be a real problem for the NHS for months.
“You can expect a lot of cancelled operations in the course of the next week at least. We can expect cancelled operations for quite some time.
“The NHS will have to have systems up and running to handle critical patients straight away but non-critical stuff will take a long time to clear up.”
While ministers tried to reassure the public that patient data had not been compromised and lives were not at risk, stories have begun to emerge of clinical staff being unable to do their jobs.