James Paget Hospital in Gorleston affected by national large-scale NHS cyber attack
PUBLISHED: 16:01 12 May 2017 | UPDATED: 20:38 12 May 2017
James Paget University Hospital (JPUH) in Gorleston is one of a number of hospitals across the country which have been hit by a large-scale cyber attack.
The NHS has been plunged into chaos across the country, as IT systems appear to have broken and emergency patients were diverted to other areas.
At the JPUH, head of communications Ann Filby said they were not asking accident and emergency patients to go elsewhere, but they had reverted to a paper system.
She said: “We’ve got well-trained processes in place. We have not got to that stage [of asking patients to go elsewhere], we’ve gone to the paper system and there’s no impact on patients at the moment.”
Neither the Norfolk and Norwich University Hospital, in Norwich, nor the Queen Elizabeth Hospital, in King’s Lynn, was affected.
But the NHS has advised computer systems across the country should be shut down, and paper systems used.
It is thought up to 40 NHS organisations have been involved nationwide.
And other services such as GP practices, walk-in centres and pharmacies have been told to turn off all systems connected to NHS servers.
The massive cyber hit is part of a wider international attack and there is no evidence that patient data has been compromised, Prime Minister Theresa May has said.
A pharmacy manager in Great Yarmouth, who wished to remain anonymous, said: “We received a phone call from an NHS representative requesting we turn off all systems connected to the NHS servers.
“We haven’t had any issues and imagine this is a cautionary measure.”
He said this could mean electronic prescriptions sent by GPs would not reach the pharmacy, but with surgeries under similar precautions, written prescriptions may be used instead.
The hack looks to be what is known as ransomware, where malicious hackers break into computers and only allow access back when enough money is paid.
Pictures posted on social media showed screens of NHS computers with images demanding payment of 300 US dollars’ worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”
It adds: “Maybe you are looking for a way to recover your files, but do not waste your time.”
It demands payment in three days or the price is doubled, and if none is received in seven days the files will be deleted.
Hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire were among those to report problems.
St Barts Health NHS Trust, which runs The Royal London, St Bartholomew’s, Whipps Cross and Newham hospitals in London, said it had implemented its major incident plan to cope with disruption.
Some issues were thought to be caused by protective measures - such as shutting down systems - rather than the attack itself.
A statement from NHS Digital, the national information and technology provider for the health and care system, said: “A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack.
“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.
“At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.
“NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations, ensure patient safety is protected and to recommend appropriate mitigations.
“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.
“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.”
The man responsible for IT security in the NHS recently warned that cyber attacks “have and will affect patient care”.
Writing in National Health Executive magazine in February, NHS Digital’s head of security Dan Taylor said: “The NHS is moving quickly to realise the fight to protect our critical information assets and systems starts on the frontline with our people, then our processes, backed up by technology.
“I’ll say this upfront: cyber-attacks have and will affect patient care.
“It is no longer just about our email or our IT but the digital transformation, which means delivery of care is underpinned by working software.”
In Suffolk, Ipswich Hospital and West Suffolk Hospital in Bury St Edmunds have not responded to requests for comment. West Suffolk Hospital’s website appears to be down.
The East of England Ambulance Service Trust said it has not been affected.
In Essex, a statement on Colchester General Hospital’s Facebook page read: “Today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by the cyber attack.
“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down.
“Therefore, we are postponing all non-urgent activity for today and we are asking people not to come to A&E. Please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.
“People should use A&E only for critical or life-threatening situations requiring medical attention, such as loss of consciousness, heavy blood loss, suspected broken bones, persistent chest pain, difficulty breathing, overdoses, signs of a stroke, ingestion or poisoning. Avoid visiting A&E unless absolutely necessary.”
The attack came as several companies in Spain were hit by ransomware attacks. Telecoms firm Telefonica was one of those reporting problems.
Dr Anne Rainsberry, NHS Incident Director, said: “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need.
“More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing.
“NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business.”
What is Wanna Decryptor and how does it work?
Wanna Decryptor is a piece of malicious software that encrypts files on a user’s computer, blocking them from view and threatening to delete them unless a payment is made.
The virus is usually covertly installed on to computers by being hidden within innocent-looking emails containing links, which users are tricked into opening.
Once opened, the malware can install on to a system without the user’s knowledge.
The virus is then able to encrypt files and block user access to them, displaying a pop-up window on-screen telling users they have been blocked and demanding payment - often via a digital currency such as Bitcoin.
Transactions through digital currencies such as Bitcoin are harder to trace as they do not involve a central banking system to process or confirm transactions, instead relying on other users to do so in a peer-to-peer system, which increases the chances of anonymity.
It is possible to remove ransomware such as Wanna Decryptor without payment by using advanced anti-malware software.
The malware can also be removed manually with a computer in “safe mode”; however, security experts warn this runs the risk of damage to a PC, as users must go through sensitive system files in order to find and isolate files created by the Wanna Decryptor software.
Ransomware does not traditionally aim to steal personal or sensitive data held on a computer or system, instead focusing on blocking access to and threatening to delete files.
Aatish Pattni, from cyber security firm Check Point, said the version of Wanna Decryptor used in the attack was a new piece of malware.
“The ransomware used in this attack is relatively new - it was first seen in February 2017, and the latest variant emerged earlier today, Friday 11 May,” he said.
“Even so, it’s spreading fast, with organisations across Europe and Asia being hit.
“It shows just how damaging ransomware can be - and how quickly it can cause disruption to vital services.
“Organisations need to be able to prevent infections taking hold in the first place, by scanning for, blocking and filtering out suspicious files content before it reaches their networks.
“It’s also essential that staff are educated about the potential risks of incoming emails from unknown parties, or suspicious-looking emails that appear to come from known contacts.”
Patients group says ‘lessons not learned’ from previous NHS IT incidents
The Patients’ Association condemned the criminals behind the cyber attack on the NHS but said lessons from earlier incidents had not been learned.
In a statement the group said: “We should be clear that responsibility for today’s apparently extensive attack on NHS IT systems, and for any harm that occurs to patients as a result, lies with the criminals who have perpetrated it.
“From reports so far, the attack appears to have been highly coordinated and aggressive and a police investigation will no doubt be required.
“However, that something of this sort could happen will surprise few people.
“It has long been known that the NHS struggles with IT in multiple respects and that this includes serious security problems.
“Though today’s may be the largest attack of this sort, it is not the first - yet the lessons from earlier incidents have not been learnt.
“The power of IT in transforming services for patients is undoubted, yet the NHS has struggled to harness it: centralised approaches have failed badly, while smaller scale local projects can easily give rise to huge variations in both quality and security.
“We are seeing today that IT security is critical to patient safety.
“Addressing it effectively and quickly is essential and requires appropriate investment.
“In this election period, we must look to our political parties for leadership - now is not the time to be squeamish about the cost of keeping our NHS secure.”
Shadow Health Secretary Jonathan Ashworth said the attack was a “real worry for patients”.
“Our hard-working NHS staff are already operating under unprecedented pressure and should be given every support to help the public in the face of these malicious and disturbing actions.
“This incident highlights the risk to data security within the modern health service and reinforces the need for cyber security to be at the heart of government planning. The digital revolution has transformed the way we live and work but we have to be ready for the vulnerabilities it brings too.
“The Government need to be clear about what’s happened and what measures they are taking to reduce the threat to patients.
“The safety of the public must be the priority and the NHS should be given every resource to bring the situation under control as soon as possible.”
Dr Kubo Macak, senior lecturer in International Law at the University of Exeter and an expert on cyber warfare, said: “Early reports indicate that today’s cyber operations against the NHS may affect the care for many hospital patients, with potential impact on their health and lives.
“As such, if investigation shows that the cyber attack was directed by an outside state, it would amount to a violation of the UK’s sovereignty prohibited by international law.
“However, regardless of the origin of the attacks, the situation confirms how important it is to maintain resilience of the national critical infrastructure, including in the public health sector.”