NHS grapples with fallout from global cyber attack

15 May 17

The NHS is evaluating the full impact of a global cyber-attack that hit on Friday amid fears a number of systems could have been infected over the weekend.

In England, 47 trusts were victim to the attack and 13 NHS organisations in Scotland were also affected.

The attack involved the spread of malicious ransomeware, which locks users' files and demands £230 ($300). It forced some hospitals to cancel treatments and appointments, and divert ambulances to other sites.

Today, seven trusts out of 47 that were hit are still trying to solve serious issues, but patients have been advised to attend planned appointments, unless advised otherwise.

There are concerns that the “complex emerging picture” could get worse as workers return to their computers from the weekend break.

The virus that hit the NHS in England and Scotland, known as Wanna Decryptor or WannaCry, has infected 200,000 machines in 150 countries since Friday.

It locks down computers by exploiting a vulnerability in Microsoft Windows software.

It is understood that many NHS organisations had failed to apply security updates released by Microsoft or were using Windows XP, an older version of the operating system.

This morning, Chris Hopson, chief executive of NHS Providers, said this attack should be kept in perspective. “This is not something that is specific to the NHS [it] has affected leading edge companies including FedEx, Telefonica, Nissan and Deutsche Bahn.

“It’s worth pointing out that 80% of NHS trusts were not affected. However, 20% were, so clearly we will need to work out what has happened, and learn from this event.

"But the quick rush by some to lay the blame on “incompetent NHS managers” is disappointing. It feels like the usual NHS bashing and is unsupported by evidence. This unfortunate blame game may in part be down to the fact that we are in the middle of a general election campaign."

Yesterday defence secretary Michael Fallon insisted NHS trusts were warned about the outdated system, and said the government was spending "around £50m on the NHS cyber systems to improve their security”.

Fallon said that fewer than 5% of trusts were currently using Windows XP.

Jonathan Ashworth, Labour’s shadow health secretary, condemned the attackers “whose flagrant disregard for our health service has placed patient wellbeing at risk” and demanded a full inquiry into the cyber attack and the level of cyber security of the country’s public services.

He cited freedom of information requests which showed that 79 English Trusts, more than 33%, had suffered ransomware attacks since June 2015 and stated “it is abundantly clear that our NHS should have been better prepared for ransomware attacks”.

The Liberal Democrats have joined calls for an inquiry. The party’s home affairs spokesman Brian Paddick said: “We need to get to the bottom of why the government thought cyber-attacks were not a risk, when a combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cyber-security.”

There have been calls for the government to invest more in cyber security.

Unison general secretary Dave Prentis, said: "This senseless cyber attack will make their jobs even harder. The government must take urgent action to get hospitals up and running again. 

"They must also spend the cash to protect staff and patients from future incidents."

Microsoft have released a statement saying the latest wave of attacks by cyber criminals was a “wake up” call for governments and the private sector.

Brad Smith, Microsoft’s president and chief legal officer, said: “We should take from this recent attack a renewed determination for more urgent collective action.

“We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks. More action is needed, and it’s needed now.

“In this sense, the WannaCrypt attack is a wake-up call for all of us.”

Did you enjoy this article?