NHS services in England and Scotland hit by global cyber-attack

The National Health Service (NHS) has been hit as part of a global cyber-attack that threw hospitals and businesses in the UK and around the world into chaos.

The unprecedented attacks appeared to have been carried out by hackers using a tool stolen from the National Security Agency (NSA) in the US. They affected as many as 74 countries and at least 16 NHS trusts in the UK, compromising IT systems that underpin patient safety. Staff across the NHS were locked out of their computers and trusts had to divert emergency patients.

As the prime minister, Theresa May, confirmed that the NHS disruption was part of a wider international event, the attack was declared a major incident by NHS England. In Scotland, the first minister, Nicola Sturgeon, chaired a resilience meeting on the issue.

The same malicious software that hit NHS networks attacked some of the largest companies in Spain and Portugal, including phone company Telefónica, and has also been detected on computers in Russia, Ukraine and Taiwan among other countries. The international shipping company FedEx was also affected.

Kaspersky Lab, a cybersecurity company based in Moscow, estimated that 45,000 attacks had been carried out in 74 countries, mostly in Russia. In a blogpost, it added that the totals could be “much, much higher”.

In the UK, computers in hospitals and GP surgeries simultaneously received a pop-up message demanding a ransom in exchange for access to the PCs.

A warning was circulated on Friday within at least one NHS trust of “a serious ransomware threat currently in circulation throughout the NHS”, but the attack proved impossible to stop. Patient records, appointment schedules, internal phone lines and emails were rendered inaccessible and connections between computers and medical equipment were brought down. Staff were forced to turn to pen and paper and to use their own mobile phones.

Computer security experts suggested that the crisis could reflect weaknesses in the NHS’s cybersecurity. Ross Anderson, of Cambridge University, said the attack appeared to exploit a weakness in Microsoft’s software that was fixed by a “critical” software patch earlier this year but which may not have been installed across NHS computers.

The vulnerability that appears to have been exploited was allegedly discovered and developed by the NSA and then stolen by an online group known as the Shadow Brokers.

“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Anderson said.

Alan Woodward, a visiting professor of computing at the University of Surrey, said the attack appeared to exploit the same problem as the Microsoft vulnerability. He added that the attack’s success “is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems”.

NHS Digital said it was unable to comment on the suggestion.

We would like to take this as an opportunity to remind everyone to take proactive measures to ensure your systems are secure and up to date.

Source: The Guardian, “NHS services in England and Scotland hit by global cyber-attack”