The NHS is under frequent cyber attack, with a national attack that “may or may not” have been state sponsored having been launched just this month, NHS Digital has said.

During a speech at the Healthcare Efficiency Through Technology show in London this morning, chief operating officer Rob Shaw said the organisation’s CareCert unit, set-up in October last year, had uncovered widespread and frequent attacks on the NHS.

“We are seeing more and more ransomware attacks,” he said. This included one big, but unsuccessful, national level attack early this month which “may or may not have been state sponsored”.

“It was big and it was hard and it was sustained… before, we didn’t know this sort of thing was happening until we got the worst outcome, but now we are in detect mode, rather than defence mode.”

Shaw revealed a wide range of attacks were being made on the NHS, with some of these using well-known techniques such as spear phishing, in which hackers target an individual to inadvertently reveal useful information or spread malware.

He said NHS Digital itself was successfully targeted in a spear phishing attack by a hacker pretending to be an old friend of one of its staff, using information from social media.

“It’s no longer the Nigerian lottery winner; we are seeing an awful lot of things going through that seem genuine.”

Old software also remains a vulnerability. An NHS hospital was recently targeted by a hacker through windows XP. The hacker managed to infect 60 servers and use them to send 2 million spam emails, Shaw said. “This wasn’t sophisticated, it was a bedroom hacker.”

The trust knew about the security threat for five weeks before telling the any central organisation, Shaw added.

While that attack did not directly affect care another hospital fell victim to a malicious attack, which infected 100 XP machines, disrupted data integrity and led to significant delays in discharging patients.

Shaw said about 0.3 % of all traffic over the NHS N3 network was malicious, which was typical of other sectors, and 60% of mail sent to NHSmail 2 was blocked. “I’m not going to give you the numbers because they are scary.”

NHS Digital has recently expanded of CareCERT programme to offer new services to help trusts defend against cyber attacks and a support  team to help them respond to a successful attack.

This included an vulnerability assessment of about 100 NHS organisations, from hospitals to GP practices, to help build a national picture of common security gaps in the NHS.

It is also undertaking a wider review of obsolete technology in the NHS, following recommendations in Dame Fiona Caldicott’s latest review of information governance and security. One of its key technology recommendations related to removing obsolete IT, since so many older systems are vulnerable to attacks.

Shaw said about 15% of the millions of devices in health and care were still running Windows XP, a system that has not been supported since 2014.

While some of these devices could be upgraded to more recent operating systems others had bespoke code that would not function in later operating system but were nevertheless necessary for patient care. These should be cut-off from network and be protected with extra encryption, he said.