NHS plunged into chaos by international cyberattack, closing hospitals and cancelling operations

Rob Price, Business Insider

Read Article at Business Insider

  • Hospitals have been closed and operations have been cancelled as a result of a major cyberattack on the NHS.
  • At least 16 NHS organisations across England and Scotland have been affected.
  • It has plunged the British health service into chaos, with doctors forced to use pen and paper to work.
  • The NHS has declared a “major incident” in England.
  • Prime Minister Theresa May has confirmed the attack is part of a broader international cyberattack.
  • 74 other countries have been affected.
  • This is a developing story. If you are an NHS employee, a patient, or have you been affected today, get in touch: rprice@businessinsider.com

LONDON — The National Health Service is in chaos across the United Kingdom as the result of a major cyberattack.

Hospitals are being closed, operations are being cancelled, and patients are being turned away as at least 16 NHS organisations up and down the country struggle with “major” technical issues. A “major incident” has been declared across England by the NHS. (Per Sky, it might be as many as 40 affected.)

NHS services from Barts in London to Liverpool say they are affected. Some employees are reporting that NHS computers have been hit with ransomware — malicious software that encrypts all all the data on a computer then demands a ransom to unlock it.

Multiple NHS organisations are telling people not to come to A&E, and at least one is “postponing all non-urgent activity.” There are also reports on Twitter of operations being cancelled due to the attack.

“It’s actually a nightmare” an NHS employee told Business Insider. “Everyone is phone calling all over the place and resorting back to paper to make sure people don’t miss out.” Barts Health in London is redirecting ambulances to other hospitals. Great Ormond Street children’s hospital is also affected, a source says.

In addition to hospitals, there are also reports of GP practices being affected. Initial reports focused on England, but Sky News is now reporting that GP surgeries in Scotland have been affected as well.

The attack doesn’t seem to be specifically targeting the NHS. Rather, it’s part of a broader, international cyberattack. An as-yet unknown attacker used a leaked NSA exploit with the ransomware — and it has spread across at least 74 countries, from Spain to Japan, as a result.

In a statement, Prime Minister Theresa May confirmed the attack is international, and that there is no evidence patient data has been accessed. She said, per The Guardian:

“We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

“This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.

“The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety.

“And we are not aware of any evidence that patient data has been compromised.

“Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected.”

Here’s the ransomware message that some NHS employees are seeing:

“Ooops, your files have been encrypted! Many of your documents, photos, videos, databases and other files are no longer accessible because they have been encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service,” the message reads.

Some security experts are reporting that the ransomware is spreading so quickly because it has been updated with Windows exploits created by NSA, the US spy agency. These were leaked online — and subsequently made their way into the hands of criminals.

Before the panic ensues, regular common ransomware was most likely updated with weapons grade exploits that came from the NSA causing today.
— Hacker Fantastic (@hackerfantastic) May 12, 2017

The Guardian reports that the East and North Hertfordshire NHS trust said in a statement: “Today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”

NHS Mid Essex CCG is similarly asking patients: “do not attend A&E unless it’s an emergency.”

We’re aware of an IT issue affecting NHS computer systems. Please do not attend A&E unless it’s an emergency. Thank you for your patience.
— NHS Mid Essex CCG (@MidEssexCCG) May 12, 2017

On Twitter, users are reporting cancelled operations:

Unbelievable – friend’s (v important) operation due today just cancelled due to NHS cyber attack. Was literally about to go to theatre.
— Amy Grimshaw (@AmyGrimmers) May 12, 2017

All shut down in Yorkshire-even in GP practice. Back to handwriting notes while seeing patients without full histories! #nhscyberattack
— Chris Maguire (@chris_magz) May 12, 2017

NHS England did not immediately respond to Business Insider’s request for comment.

The exact scale of the attack isn’t immediately clear, but it is affecting NHS facilities up and down the country.

“We are experiencing a major IT disruption and there are delays at all of our hospitals. We have activated our major incident plan to make sure we can maintain the safety and welfare of patients,” Barts hospital said in a statement. Liverpool is also affected.

As of writing, the malware seems to still be actively spreading. An NHS source had previous said that Barnsley and Sheffield’s systems were previous unaffected, but said Barnsley’s are now down. “Computers are all down” in Stoke, as is Scunthorpe.

One source told Business Insider that they were turned away from Royal Free hospital in London. They were told there would be a four-to-five hour wait, as doctors resorted to writing things down on paper.

Some of our local NHS IT systems are currently down. We are working to rectify the problem asap. Apols for any inconvenience.
— Liverpool CH Trust (@NHSLiverpoolCH) May 12, 2017

In a statement, NHS Digital said: “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

“At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.”

The National Cyber Security Centre said: “We are aware of cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”

Shadow health secretary Jonathan Ashworth said, via Sky News: “This cyberattack is terrible news and a real worry for patients. Our hard-working NHS staff are already operating under unprecedented pressure and should be given every support to help the public in the face of these malicious and disturbing actions.

“This incident highlights the risk to data security within the modern health service and reinforces the need for cyber security to be at the heart of government planning. The digital revolution has transformed the way we live and work but we have to be ready for the vulnerabilities it brings too.”

According to Shaun Lintern, of Health Service Journal, the malware is affecting “x-ray imaging systems, pathology test results, phone & bleep systems & patient administration systems.”

Are you an NHS employee, or a patient? Have you been affected today? Get in touch: rprice@businessinsider.com

This story is developing…

000-017   000-080   000-089   000-104   000-105   000-106   070-461   100-101   100-105  , 100-105  , 101   101-400   102-400   1V0-601   1Y0-201   1Z0-051   1Z0-060   1Z0-061   1Z0-144   1z0-434   1Z0-803   1Z0-804   1z0-808   200-101   200-120   200-125  , 200-125  , 200-310   200-355   210-060   210-065   210-260   220-801   220-802   220-901   220-902   2V0-620   2V0-621   2V0-621D   300-070   300-075   300-101   300-115   300-135   3002   300-206   300-208   300-209   300-320   350-001   350-018   350-029   350-030   350-050   350-060   350-080   352-001   400-051   400-101   400-201   500-260   640-692   640-911   640-916   642-732   642-999   700-501   70-177   70-178   70-243   70-246   70-270   70-346   70-347   70-410   70-411   70-412   70-413   70-417   70-461   70-462   70-463   70-480   70-483   70-486   70-487   70-488   70-532   70-533   70-534   70-980   74-678   810-403   9A0-385   9L0-012   9L0-066   ADM-201   AWS-SYSOPS   C_TFIN52_66   c2010-652   c2010-657   CAP   CAS-002   CCA-500   CISM   CISSP   CRISC   EX200   EX300   HP0-S42   ICBB   ICGB   ITILFND   JK0-022   JN0-102   JN0-360   LX0-103   LX0-104   M70-101   MB2-704   MB2-707   MB5-705   MB6-703   N10-006   NS0-157   NSE4   OG0-091   OG0-093   PEGACPBA71V1   PMP   PR000041   SSCP   SY0-401   VCP550   352-001   101   102-400   MB2-707   70-178   JN0-102   640-911   ICGB   350-001   70-246   000-089   300-135   9A0-385   1V0-601   70-412   70-347   300-070   000-104   350-060   200-310