Biggest cyber attack in history of NHS cripples services

More than 50 NHS organisations targeted by hackers demanding ransom and exposing flaws in IT security

The cyber hackers have exposed security flaws in NHS systems

The NHS is today poised for more crippling cyber attacks after Friday saw worldwide disruption when hackers demanding a ransom infiltrated medical computer systems.

The health service faces a week of chaos following the attacks, in which 47 NHS hospital trusts in England reported having their systems hacked into. 13 NHS organisations in Scotland were also affected.

In what is thought to be the biggest cyber attack in the history of the NHS, the thieves then demanded a ransom to return the files.

Some hospitals were forced to cancel treatment and appointments and, unable to use computers, many doctors resorted to using pen and paper. Those notes will then have to be added back into the digital systems.

The cost of the attack is unknown, in the UK or beyond, but BBC analysis of three accounts linked to the ransom demands suggests hackers have already been paid the equivalent of £22,080.

And the chaos could continue this week, according to experts, putting lives at risk as computers crash.

The viruses have been found across the world, with more than 57,000 infections in 99 countries.

And, while the NHS has said there was no evidence that patients’ medical records had been accessed, it was unable to say whether the hackers – who are threatening to delete information unless payment is received within a week – had the ability to destroy such records.

They are now being assisted by experts at GCHQ’s national cyber security centre.

Following the attacks, the Scottish Government issued a statement claiming they had been isolated and it expected most NHS computers would be back to normal by today.

And NHS England has told patients to attend hospital if they have an appointment unless they are advised not to.

Experts say more needs to be done to prevent such an attack happening again

But individual trusts are issuing their own advice. St Bartholomew’s in London said in a statement: “IT disruption is ongoing. Planned surgery and outpatient appointments will be reduced on Monday at the trust's five hospitals - the Royal London, Newham, Whipps Cross, Mile End and St Bartholomew's.

“Patients should attend booked appointments on Monday unless their hospital contacts them to say otherwise.”

And a spokesman for the James Paget University Hospitals NHS Trust in Norfolk, said: “All clinical and surgical appointments at the weekend were cancelled.

“Patients with appointments on Monday and Tuesday are being advised to attend unless they hear from their hospital. A&E wait times are longer than usual.”

Other trusts are advising people to steer clear of A&E unless it is an emergency as staff struggle to restore systems.

Following the attacks the Government said more than £50m was being spent on improving the security of NHS systems.

And ministers claim trusts had been repeatedly warned about the cyber threat to their systems.

But, in the aftermath of the attacks, Labour say the Conservatives have cut funding to the NHS's IT budget and specifically a contract to protect computer systems was not renewed after 2015.

And both Labour and the Liberal Democrats have demanded an inquiry into the attacks.

Cyber security experts say the latest problems show systems are weak and are warning the situation could get worse if not addressed.

Speaking to BBH, John Madelin, chief executive of cyber security specialist, Reliance acsn, said: “The news of this latest cyber attack against hospitals in the UK is part of a deeply-worrying trend, and makes it clear that no target is too low for hackers looking to make a quick buck.

“While specific details are sketchy, hospitals can make particularly-soft targets for hackers due to the need to focus on putting tight budgets into patient care.

“As with other organisations, there is also a tendency to use an array of cyber-defence systems which inevitably work in silos, and this very patchwork ‘protection’ lulls institutions into a false sense of security when, in reality, they’re incredibly exposed.”

He added: “Security strategies in the healthcare sector need a holistic treatment, with a more-integrated, better-executed, end-to-end approach – rather than multiple stand-alone security solutions working in siloes.

“The healthcare sector can engineer a culture shift that will make it more resilient to cyberattack, allowing it to provide better care and preventing the need to cancel operations and treatments because of their networks being targeted by hackers.

“The fact that patient care is being impacted by this attack is a sobering development, and representative of the damage that cyberattacks can have on organisations and the general public.”

And David Evans, director of policy and community at BCS, the chartered institute for IT, said the attack highlights the need for hospitals to have robust and tested cyber security, run by trained and supported IT professionals.

He added: “As news continues to break about this attack, we are reminded that there are some very sick and warped individuals in this world who would seek to put people’s safety and wellbeing at risk in return for money.

“The fact that some trusts have, as a result of this attack, had to turn patients away and put services on an emergency footing shows the reliance and trust placed on information and technology.

“Unfortunately, any system can be hacked, and that is why trusts must recognise how important it is that they support IT professionals who can protect and defend against such heinous attacks. The IT profession in health and care also needs to step up and meet that challenge.”

Matt Lock, director of sales engineer at software firm, Varonis, said the attacks showed the need for a wider shake-up within the health service.

He told BBH: “This cyberattack on a rapidly-growing list of NHS trusts is shining a big, bright spotlight on the holes in their defences.

“Organisations should ensure that they actively monitor their IT infrastructure, specifically users and the files and emails they can access, and then perform regular attestations of access rights to reduce overexposed sensitive from being hijacked in the first place, as well as perform user behaviour analytics against threat models that look for signs of ransomware activity.”

Israel Barak, chief information security officer at cyber security firm, Cybereason, said: “We know that ransomware purveyors are often savvy e-marketers that know their targets, and it is not uncommon for a ransomware gang to run multiple campaigns at the same time, with tiered pricing based on a variety of parameters such as vertical industry, region, age, etc.

“However, the attacks on the NHS trusts across the UK seem to show particularly ruthless calculation, even by criminal standards, banking on the trusts having weak defences and being especially desperate to restore access to their systems due to health, and even lives, being at stake.

“While ransoms have surpassed the hundreds of thousands mark, the goal is to set a price that makes it either cheaper or easier for the victims to pay the ransom than to recreate or restore the compromised systems, especially when the victim has a sense of urgency.

“Today’s ransoms show that this can still be very costly, especially when it comes to lost operational time and data.

“We've seen many examples where companies didn't have the proper backups in place and decided to pay the ransom so that they could resume normal business operations, and that will obviously be a pressing concern for the affected trusts.”
