NHS hospitals hit in global ransomware attack

Hospitals across England are reporting problems with IT systems that are affecting healthcare treatment, caused by what could be a global ransomware campaign enabled by a leaked NSA exploit

Hospitals across England have been hit by a major ransomware attack, but the attacks may not be targeted at the NHS alone and could be part of a global ransomware campaign, say security experts.

NHS England has confirmed that a number of hospitals have been hit by a large-scale cyber attack, causing some to divert emergency patients. Doctors have reported receiving messages demanding payment, which appears to indicate that ransomware, which locks computer data and demands money for its release, is involved in the attacks. Hospitals reported problems with their email systems as well as clinical and patient IT systems.

Affected hospitals include those run by East and North Hertfordshire NHS trust, Barts NHS trust, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust, and Blackpool teaching hospitals NHS foundation trust, while GP surgeries across Liverpool and parts of Greater Manchester also appear to have been affected.

Major disruption

England’s largest NHS trust, Barts, which was hit by a cyber attack in January 2017, said it is experiencing a major IT disruption.

Although the January attack was initially thought to be a ransomware attack, in March the trust said the attack was not caused by ransomware, but exploited a zero-day vulnerability, which had since been patched by the software supplier concerned.

The trust, which runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals, said the IT disruption is causing delays at all its hospitals.

“We have activated our major incident plan to make sure we can maintain the safety and welfare of patients. We are very sorry that we have to cancel routine appointments, and would ask members of the public to use other NHS services wherever possible,” a spokesperson said.

Ambulances are being diverted to neighbouring hospitals. The problem is also affecting the switchboard at Newham hospital, but direct line phones are working.

“All our staff are working hard to minimise the impact and we will post regular updates on the website,” a spokesperson said.

East and North Hertfordshire NHS trust has also reported a major IT problem, which is said was believed to be caused by a cyber attack.

The trust said it is postponing all non-urgent activity and asked people not to go to A&E departments, but instead call NHS 111 for urgent medical advice or 999 if it is a life-threatening emergency.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need,” the trust said in a statement.

NHS Digital, which is the national information and technology provider for the health and care system, said that by 15h30, 16 NHS organisations had reported that they have been affected by a ransomware attack.

“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” NHS Digital said in a statement.

“At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations, ensure patient safety is protected and to recommend appropriate mitigations.”

Continue reading…