view counter

CybersecurityU.K. hospitals, clinics hit by large-scale ransomware cyberattack

Published 12 May 2017

The NHS has confirmed that hospitals across England have been hit by a large-scale cyberattack. The attack has locked staff out of their computers and forced emergency patients to be diverted to hospitals not hit by the attack. The IT systems of NHS facilities across England have been hit simultaneously – and the screens of computers connected to the networks under attack showed a pop-up message demanding a ransom in exchange for allowing staff access to the PCs.

The NHS has confirmed that hospitals across England have been hit by a large-scale cyberattack. The attack has locked staff out of their computers and forced emergency patients to be diverted to hospitals not hit by the attack.

The BBC reports that the IT systems of NHS facilities across England have been hit simultaneously – and that the screens of computers connected to the networks under attack showed a pop-up message demanding a ransom in exchange for allowing staff access to the PCs.

The ransom attack made details of patient records and appointment schedules, internal phone lines and emails, and more inaccessible.

NHS Digital said: “A number of NHS organizations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organizations.

“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organizations to confirm this.

NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organizations and to recommend appropriate mitigations.

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.

“Our focus is on supporting organizations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

The BBC notes that reports are coming in not only of more affected hospitals, but also of GP surgery clinics and medication dispensaries coming down with the virus. It appears that the surgery clinics hit are concentrated in the Liverpool and Manchester areas.  

The pop-up message demands a payment of $300 to allow access to medical files the hackers have encrypted.

British law enforcement says the attacks are criminal in nature, rather than a terrorist attack, and that right now there appear to be no national security implications.

A spokesman for the National Cyber Security Center said: “We are aware of a cyber incident and are working with NHS digital and the NCA to investigate.”

Experts note that it appears that the malware used in the attack on the British medical facilities is the same as that used against several Spanish companies, including the telecoms giant Telefónica. Those attacks were accompanied by the same pop-up ransom message which accompanied that attacks in Britian.

In a statement released Friday morning in the wake of the attacks, the National Cryptology Center said a cyber assault had been launched “against various organizations,” affecting Windows systems and corrupting networks and archives.

The ransomware used in the Spanish attacks is a version of the WannaCry virus, which encrypts sensitive user data, the National Cryptology Center said.