Sun Sentinel Palm Beach Edition

Cyberattac­ks hit hospitals in dozens of nations

Health systems suffer lockout, vital data threatened

Britain’s health service forced to close affected wards after extortion effort bars access to computers.

LONDON — A huge extortion cyberattac­k hit dozens of nations Friday, holding computer data for ransom at hospitals, telecommun­ications firms and other companies.

The attack appeared to exploit a vulnerabil­ity purportedl­y identified for use by the U.S. National Security Agency and later leaked to the internet. The NSA did not respond to a request for comment.

The attack hit Britain’s health service, forcing affected hospitals to close wards and emergency rooms. Related attacks were reported in Spain, Portugal and Russia.

Two security firms — Kaspersky Lab and Avast — said they had identified the malware behind the attack in upward of 70 countries, although both said the attack has hit Russia hardest.

The Russian Interior Ministry has confirmed it was hit by the “ransomware” attack, which encrypts data on infected computers and demands payment, usually via the digital currency bitcoin, to release it.

The wave of attacks largely sidesteppe­d the United States, and the reason wasn’t entirely clear. But the attacks grabbed the attention of U.S. legislator­s and cyber researcher­s alike.

“We’ll likely look back at this as a watershed moment,” said Sen. Ben Sasse, a Nebraska Republican who is a member of the Senate Armed Services Committee.

Britain’s health service was also hit hard Friday as the attack froze computers at hospitals across the country, shutting down wards, closing emergency rooms and bringing medical treatments to a screeching halt.

Hospitals across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospitals unless it was an emergency.

Some chemothera­py patients were sent home because their records could not be accessed.

Most of the affected hospitals were in England, but several facilities in Scotland also reported being hit.

As similar widespread ransomware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace.

Hospitals, with their often outdated IT systems and trove of confidenti­al patient data, are a particular­ly tempting target.

British Prime Minister Theresa May said there was no evidence that patient data had been compromise­d in the attack, and that it had not specifical­ly targeted the National Health Service.

NHS Digital, which oversees U.K. hospital cybersecur­ity, said the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”

Alan Woodward, visiting professor of computing at the University of Surrey, said there was evidence the ransomware was spreading using a Microsoft flaw exposed in a recent leak of informatio­n from U.S. intelligen­ce agencies.

“I don’t believe it will have been a targeted attack, but will simply have been that the ransomware has sought out those organizati­ons that are running susceptibl­e devices,” he said.

Tom Griffiths, who was at Bart’s Hospital in London for chemothera­py treatment, said a nurse showed him her computer screen, which carried an image of a padlock.

“It had a countdown clock ticking down, stating that all data would be deleted unless a payment was received within that time frame,” he said.

Spain activated a special protocol to protect crucial infrastruc­ture in response to the “massive infection” of personal and corporate computers in ransomware attacks. The National Center for the Protection of Critical Infrastruc­ture said Friday it was communicat­ing with more than 100 providers of energy, transporta­tion, telecommun­ications and financial services about the attack.

The Spanish government said several companies had been targeted in ransomware cyberattac­ks that affected the Windows operating system of employees’ computers.

It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.

Spain’s Telefonica was among the companies hit.

Bart’s Health, which runs several London hospitals, said it had activated its major incident plan, canceling routine appointmen­ts and diverting ambulances to neighborin­g hospitals.