NHS hospitals in England hit by massive cyberattack

The NHS has confirmed that a number of hospitals across England have been the victims of a large scale cyberattack, with NHS employees taking to social media claiming that PCs in their hospitals were displaying a message saying "your computers are now under their control and pay a certain amount of money. And now everything is gone.”

Taking over a PC and threatening to delete its data unless money is paid is a classic move of ransomware viruses, and while they can cause anguish and disruption when infecting home and business machines, when it comes to hospitals lives could be at stake.

Affected hospitals are postponing all non-urgent activity and are asking people not to come to A&E. Instead people should dial 111 for urgent medical advice, or 999 if it is a life-threatening emergency.

A statement released by East and North Hertfordshire NHS trust, which covers some of the hospitals affected, says that “today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by a cyber attack.

“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.”

Warning signs

Unfortunately, it was only a matter of time before a cyberattack of this scale would hit hospitals, with a warning from Andrew Avanessian, vice president at Avecto, a global security software company, circulating a few days ago that said that “hospitals are often targets due to the value of the data they hold. Not only does patient data have a resale value, it’s sensitive enough that NHS Trusts are likely to pay a ransom to get it back if it becomes encrypted.”

While we’d often advise people infected by ransomware to contact the police before paying any sort of ransom – mainly because there’s no guarantee that the malicious users behind the malware will release your data even if they get paid – the NHS doesn’t have that luxury considering lives could be at stake.

Avanessian suggested that it could be outdated software that caused the problem here, saying “outdated systems can often be to blame, and it’s bad news for patients that 90% of Trusts are running old versions of Windows that are riddled with security holes.”

He suggested NHS trusts update their software as soon as possible, but sadly it looks like it’s too late.

We’ll update this story as more information comes in.