NHS organisations hit by encryption virus attack

Several hospitals and trusts hit by ransomware attack that goes beyond the healthcare sector

A number of NHS England organisations have been among those hit by a ransomware attack.

Hand coming out of computer screenNHS Digital said at 3.30 on the afternoon of 12 May 16 organisations has reported that they been affected, and attributed the attacks to the malware variant Wanna Decryptor.

This encrypts files on the victim’s computer and is followed up by a ransom demand in exchange for granting the user access to the affected files.

NHS Digital said the attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. It added that so far there is no evidence that patient data has been accessed.

The organisation, which leads IT provisions for the NHS, said it is working with the National Cyber Security Centre (NCSC), the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available,” it said in a statement.

Shut down

According to report from the BBC, hospitals and trusts in in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected. Derbyshire Community Health Services NHS Trust said it had shut down all of its IT systems.

BCS – the Chartered Institute for IT, said the news highlights the need for hospitals to have robust and tested cyber security.

Its director of policy and community, David Evans, commented: “Unfortunately, any system can be hacked, and that is why trusts must recognise how important it is that they support IT professionals who can protect and defend against such heinous attacks. The IT profession in health and care also needs to step up and meet that challenge.”

Antony Walker, deputy chief executive officer at IT industry association techUK, said: “This is clearly an evolving situation, but it is an important reminder for all organisations of the need to ensure that IT systems are up to date and staff have the tools and awareness they need to stay cyber secure. Organisations running out-dated systems are more vulnerable to these types of attack. 

“There is much organisations can do to protect themselves. The NCSC has published guidance for anyone concerned about vulnerability to these form of attacks. The Cyber Essentials scheme is a good starting place for understanding how to stay cyber secure.”

Photo: iStockphoto/Henrik Jonsson