The NHS hack is part of a huge global cyber attack that has crippled tens of thousands of computers in 74 countries – bringing down Spain’s mobile phone network and blanking screens across the Russian government.
The technological meltdown began early this afternoon in Britain where more than 40 NHS organisations including hospitals and GP surgeries were hit by the ‘ransomware’.
It locks users’ computers then orders them to pay a fee of hundreds of dollars or have their files deleted within days.
Victims have been reported in at least 74 countries around the world including the US, Australia, Belgium, France, Germany, Italy and Mexico – with the virus thought to be spreading at a rate of five million emails per hour.
Russia is thought to have been hit the worst by the ransomware amid reports that computers in the country’s Interior Ministry have been affected.
Computer expert Lauri Love, who is facing extradition to the US over the alleged theft of data from government computers, said the attack is being powered by a ‘top of the range cyber weapon’ used by spies in the US.
It appears the cyber attack affected so many computers in the UK in the NHS and in Spain by taking advantage of a very nasty vulnerability in Microsoft Windows, which was dumped by hacking group Shadow Brokers who obtained it from the NSA in America.
In Spain, the Telefonica mobile phone network was hit with computers on an internal network being infected by the ransomware.
Security teams at large financial services firms and businesses were reviewing plans for defending against cyber attacks, according to executives with private cyber security firms.
Chris Wysopal, chief technology officer with cyber security firm Veracode, said:
Seeing a large telco like Telefonica get hit is going to get everybody worried.
Now ransomware is affecting larger companies with more sophisticated security operations.
In Spain, some big firms took pre-emptive steps to thwart ransomware attacks following a warning from the National Cryptology Centre of ‘a massive ransomware attack’.
Iberdrola and Gas Natural, along with Vodafone’s unit in Spain, asked staff to turn off computers or cut off internet access in case they had been compromised.
In December 2016 it was revealed about 90 per cent of NHS Trusts were still running Windows XP, two and a half years after Microsoft stopped supporting the system.
Citrix, an American software company, sent a Freedom of Information request to 63 NHS Trusts, 42 of which responded.
It revealed that 24 Trusts were unsure when they would even upgrade, The Inquirer reported.
Windows XP was released more than 15 years ago and is now particularly vulnerable to viruses. Microsoft stopped providing virus warnings for the ageing Windows XP in 2015.
The list of hospitals that continue to run the outdated software include East Sussex, which has an estimated 413 Windows XP machines, Sheffield’s Children’s hospital with 1,290 PCs, and Guy’s and St Thomas’ NHS Trust with 10,800 Windows XP-powered PCs.
One message circulated online claims the hackers demand 300 US dollars (£230) in the virtual currency bitcoins to relinquish control of their IT systems.
The pop-up contains a countdown clock with a deadline of next Friday.
At least 10 payments of around 300 US dollars have been made to Bitcoin accounts that the hackers have asked to be paid this afternoon.
But, although all Bitcoin transactions are public, we cannot see who made the payments so cannot know if they have been made by anyone in the NHS.
‘Non urgent’ appointments and operations have been postponed across the country and some hospitals have diverted ambulances to neighbouring ones to ensure patient safety.
Computer systems have been switched off or immobilised and key services including the bleeper system for doctors are also believed to be down.
In the minutes after the attack one doctor tweeted: ‘Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. Assholes’.
NHS Digital, which is responsible for the health service’s cyber security, says computer systems are believed to have been hit by a ransomware cyber attack using malware called ‘Wanna Decryptor’.
Three hospitals in America were hit in the same way last year.
The National Cyber Security Centre is investigating and is working with Britain’s FBI – the National Crime Agency.
GP surgeries hit in the attack say their phones are down and patients should avoid calling unless ‘absolutely necessary’ and doctors are back to using pen and paper in some areas.
Explaining the fallout one doctor said in a message shared on Twitter: ‘So our hospital is down. We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.’
A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.
It said: ‘Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.
‘Nobody can recover your files without our decryption service.’
It goes on to demand payment, otherwise the files will be deleted. It gives a deadline of next Friday afternoon, May 19, to pay.
The HSJ said services affected were thought include archiving systems for X-rays, pathology test results, phone and bleep systems, and patient admin systems.
Barts NHS Trust in east London said they are treating it as a ‘major incident’ to ensure they can ‘maintain the safety and welfare of patients’.
A spokesman said: ‘We are experiencing a major IT disruption and there are delays at all of our hospitals.
Ambulances are being diverted to neighbouring hospitals. The problem is also affecting the switchboard at Newham hospital but direct line phones are working. All our staff are working hard to minimise the impact and we will post regular updates on the website.
Fylde and Wyre NHS Trust and Blackpool Hospitals in Lancashire, East and North Hertfordshire NHS Trust and Derbyshire Community Health Services NHS Trust have admitted having problems.
Colchester University Hospitals Trust is also a victim as is neighbouring Chelmsford in Essex.
York Teaching Hospital NHS Foundation Trust which runs York and Scarborough hospitals has confirmed its computers have been affected by the widespread attack.
They have urged people to be patient and avoid calling GP surgeries and hospitals unless ‘absolutely necessary’.
NHS Merseyside said: ‘Following a suspected national cyber attack we are taking all precautionary measures possible to protect our local NHS systems and services’.
Article date : 12 May 2017