Hospital computers across Britain shut down by cyberattack, hackers demanding ransom

Hospitals across Britain have been hit by a large-scale cyberattack. Some are having to divert emergency patients, with doctors reporting messages demanding money.

National Health Service (NHS) hospitals across the country were hit by a bug spreading through their IT systems. Doctors have been posting on Twitter about what has been happening.

NHS Digital which has responsibility for IT systems says the attack is not believed to have been a targeted one.   It has named the malware 'Wanna Decryptor' as the likely cause of the problem, but insists there is no evidence that patient data has been accessed.

Prime Minister Theresa May is being kept informed on the situation, a spokesperson for her office told Reuters, while health minister Jeremy Hunt has been briefed by cyber security officials.

A screengrab of an instant message conversation circulated by one doctor says: “So our hospital is down … We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”

A second doctor tweeted: “Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. Assholes.”

East and North Hertfordshire NHS Trust, one of those affected, said in a statement: “Today, the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.

“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E.”

Blackpool Hospitals, also affected, tweeted: “Our computer systems are experiencing problems and we are working hard on a solution. We will update you as soon as possible.”

Sky News reported that sources inside the department of health had described the attack as "unexpected, but not unprecedented."  

According to reports, affected hospitals include those run by East and North Hertfordshire NHS trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust.

Services affected are thought to include picture archiving communication systems for x-ray images, pathology test results, phone and bleep systems and patient administration systems, the Telegraph reports.

“At approximately 12:30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down,” an NHS IT worker said in a message to a Guardian reporter.

“A bitcoin pop-up message had been introduced onto the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen.

“This followed with an internal major incident being declared and advised all staff to shut down all PCs in the trust and await further instructions.”

There are reports of messages on computers saying: “Oops. Your files have been encrypted,” and demands for bitcoin to be paid.

© enherts-tr.nhs.uk

The hack appears to be an example of ransomware, where malicious hackers break into computers and only allow their owners back in when they pay enough money.

The attackers are allegedly demanding $300-worth (£232) of the digital currency bitcoin, otherwise the files will be deleted. It gives a deadline of May 19 to pay.

A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.

It said: “Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.

“Nobody can recover your files without our decryption service.”

On Friday, Spain’s government warned that large numbers of companies had been attacked by cyber criminals who infected computers with the same ransomware used on the NHS.

The victims included Telefonica, the nation’s biggest telecommunications firm.