Multiple hospitals across England were hit by a large-scale ransomware attack on Friday afternoon, with trusts having to switch off their systems.

The NHS is believed to have been hit by a ransomware variant called ‘WanaDecrypter’ which has also hit Spanish telco Telefonica and many other organisations across Europe today. This malware exploits a vulnerability in the Windows malware detection service.

NHS Digital has confirmed an investigation is ongoing, and that it is working with NHS England, the Department of Health and the National Cyber Security Centre.

“At this stage we do not have any evidence that patient data has been accessed”, a spokesperson said, “we will continue to work with affected organisations to confirm this”.

Sources told Digital Health News that there was a major N3 cyber security issue on Friday with a number of trusts offline and some localities turning off their full networks, and social media reaction suggests it happened from around 1:30pm.

NHS Digital has confirmed 16 NHS organisations across England have been affected. No names have been disclosed by NHS Digital; however, the media has reported that East and North Hertfordshire NHS Trust, University Hospitals of Morecambe Bay NHS Foundation Trust and Torbay and South Devon NHS Foundation Trust have been hit. The hashtag #nhscyberattack is currently trending on Twitter.

Barts Health NHS Trust, the largest trust in the country, has also been hit by a “major IT disruption”. Ambulances have been diverted and routine appointments have been cancelled, and the trust has asked the public to use other NHS services wherever possible.

In a statement, the trust said a major incident plan has been activated.

George Eliot Hospital NHS Trust confirmed that it had been hit and that its systems were down.

Trust spokesman James Turner said: “We are currently dealing with a suspected cyber-attack which has resulted in a shutdown of a number of our IT systems. We have implemented our contingency plans and we continue to provide services in A&E and essential services elsewhere.

“We do ask that patients only use A&E in an emergency and to contact NHS 111 for non-urgent advice. In order to ensure we maintain quality and patient safety, we have had to cancel a number of Out Patient appointments and are operating a limited radiology service.

“We apologise to patients. We are working hard to resolve the issue as soon as possible.”

Sources indicate that Blackpool Teaching Hospitals NHS Foundation Trust and East Lancashire Hospitals NHS Trust have also been affected.

A spokeswoman at North Cumbria University Hospitals NHS Trust confirmed that the trust had been impacted this afternoon, but said all other queries had to be forwarded to NHS Digital.

A payment of $266.23 had been added today to the bitcoin address associated with the malware.

The Patients Association’s response to the attack on Friday afternoon was: “We should be clear that the responsibility for today’s apparently extensive attack on NHS IT systems, and for any harm that occurs to patients as a result, lies with the criminals who have perpetrated it”.

“From reports so far, the attack appears to have been highly co-ordinated and aggressive, and a police investigation will no doubt be required.”

Joe McDonald, chair of the CCIO network, urged NHS CCIOs, CIOs and other digital leaders to join colleagues already sharing information online on how best to respond to the attack.

A screenshot from East and North Hertfordshire website about the cyber attack.

East and North Hertfordshire NHS Trust released a statement saying it had to shut down its IT systems.

“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.”

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.”

This is a developing story. 
