NHS cyber-attack: GPs and hospitals hit by ransomware
NHS services across England have been hit by IT failure, caused by a large-scale cyber-attack.
Staff cannot access patient data, which has been encrypted by ransomware that hit NHS networks. There is no evidence patient data has been compromised.
It comes amid reports of cyber-attacks affecting organisations across Europe.
Ambulances have been diverted and patients warned to avoid some A&E departments.
NHS Digital said the ransomware attack was not “specifically targeted at the NHS” and was affecting other organisations.
It said so far 16 NHS organisations had reported being affected by the attack, which is believed to be carried out by the malware variant Wanna Decryptor.
An NHS Digital statement said: “NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.
“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”
By Chris Baraniuk, BBC technology reporter
Software that locks a computer and demands payment before allowing access again – ransomware – is one of the world’s biggest growing cyber-threats.
It certainly looks like that is what has hit the NHS in this case – and one IT firm says 11 of its NHS customers have been affected.
Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin that looks similar to ransomware known as WannaCryptor or WCry.
There’s no indication of who is behind the attack yet, nor do we know exactly how it infected NHS systems.
But hospitals have been targeted with similar software before – it struck three US hospitals last year.
Among those affected are:
- Watford General
- Lancashire – Blackpool
- Broomfield Hospital, Essex
- Lister – Stevenage
- East & North Hertfordshire
- Northwick Park (NW London)
- St Bartholomew and Royal London
- Colchester General Hospital
- Norfolk and Norwich
- James Paget (Norfolk)
- Queens Hospital, Burton
- UHNM – Royal Stoke
The East and North Hertfordshire NHS Trust says it is experiencing problems with computers and phone systems.
It has postponed all non-urgent activity and is asking people not to come to A&E at the Lister Hospital in Stevenage.
IT specialists are working to resolve the problem as quickly as possible, a statement from the trust says.
Also affected is Derbyshire Community Health Services NHS Trust which says it has shut down all of its IT systems following a “secure system attack”.
A GP from a surgery in York said: “We received a call from York CCG [Clinical Commissioning Group] around an hour ago telling us to switch off all of our computers immediately.
“We have since remained open, and are dealing with things that can be dealt with in the meanwhile.”
Meanwhile, Blackpool Hospitals NHS Trust has asked people not to attend A&E unless it was an emergency because of computer issues.
But the NHS in Wales said it had a separate IT system and had not been affected by the cyber-attack.