Cyber attack forces U.K. hospitals to turn away patients

Register now

British hospitals urged people with non-emergency conditions to stay away after a cyber attack affected large parts of the country’s National Health Service.

Sixteen NHS organizations were hit in the U.K. on Friday, while a large number of Spanish companies were also attacked using ransomware. It’s not yet clear if the attacks were coordinated.

Security experts in the U.S. reported that security and healthcare leaders are seeking to find solutions to prevent the NHS outbreak from recurring here.

“The NHS has experienced a major cyber attack, we are working with law enforcement and our advice will follow shortly,” Action Fraud, the U.K.’s central cyber-crime unit said on Twitter. The National Cyber Security Center said: “We are aware of cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”

Hospitals in London, North West England and Central England have been affected, according to the BBC. Mid-Essex Clinical Commissioning Group, which runs hospitals and ambulances in an area east of London, said on Twitter that it had “an IT issue affecting some NHS computer systems,” adding “Please do not attend Accident And Emergency unless it’s an emergency.”

The impact on services is not a result of the ransomware itself, but due to NHS Trusts shutting down systems to prevent it from spreading, said Brian Lord, a former deputy director of Government Communications Headquarters (GCHQ), the U.K.’s signals intelligence agency, who is now managing director of cybersecurity firm PGI Cyber. Lord, who described an attack of this type as "inevitable," said the impact was exacerbated because most NHS Trusts had "a poor understanding of network configuration, meaning everything has to shut down."

A screenshot of an apparent ransom message, sent to a hospital, showed a demand for $300 in bitcoin for files that had been encrypted to be decrypted.

Workers across the NHS have since been sent emails from the health service’s IT teams warning not to open or click on suspicious attachments or links.

Spain’s National Cryptologic Center, which is part of the country’s intelligence agency, said on its website that there had been a “massive ransomware attack” against a large number of Spanish organizations affecting Microsoft Windows operating system. El Mundo reported that the attackers sought a ransom in bitcoin.

“We’re aware of reports and are looking into the situation,” said a Microsoft spokesperson.

Ransomware typically gets onto a computer when a person unsuspectingly downloads a file that looks like a normal attachment or, alternatively, clicks on a web link. A hacker then can trigger the malware to freeze the computer, prompting a person to pay a ransom or lose all their files.

Hospitals have been a common target because the culprits know how critical digital records are for treating patients.

Ransomware attacks have also been soaring. The number of such attacks increased 50 percent in 2016, according to an April report from Verizon Communications. These types of attacks account for 72 percent of all the malware incidents involving the healthcare industry in 2016, according to Verizon.

"The large-scale cyber-attack on our NHS today is a huge wake-up call," said Jamie Graves, chief executive officer of cyber-security company ZoneFox.

Andrew Barratt, managing principal of Coalfire, a company which provides cybersecurity risk assessments to the healthcare sector, said that many NHS hospitals used personal computers with outdated Windows-based operating systems, which have makes them easy to attack. He said many of these systems were too old to patch and that many NHS Trusts did not spend enough time on technical best practices and audits, leaving them vulnerable to a variety of potential cyber attacks, including ransomware.

For reprint and licensing requests for this article, click here.