NHS hit by ransomware attack, hospitals across country shutting down- The Register

Updated Multiple NHS hospitals have shut down systems and are telling patients not to come in due to what is being described as a nationwide ransomware attack.

Several hospital trusts, including NHS Mid-Essex CCG and East and North Hertfordshire, have said they are suffering significant IT systems problems.

NHS Digital said: "We're aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware."

Here's the malware attack which appears to have hit NHS hospitals right across England today pic.twitter.com/zIAJ6wbAG5

Lawrence Dunhill (@LawrenceDunhill) May 12, 2017

We're aware of an IT issue affecting NHS computer systems. Please do not attend A&E unless it's an emergency. Thank you for your patience.

NHS Mid Essex CCG (@MidEssexCCG) May 12, 2017

East and North Hertfordshire NHS confirmed in a press statement: "Today, the Trust has experienced a major IT problem, believed to be caused by a cyber attack.

"Immediately on discovery of the problem, the Trust acted to protect its IT systems by shutting them down; it also meant that the Trust's telephone system is not able to accept incoming calls.

"The Trust is postponing all non-urgent activity for today and is asking people not to come to A&E please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency."

It said the Trust's IT specialists were working to resolve the problem.

One reader wrote in to inform us of the ongoing issue. He said: "I'm led believe that there is a major attack underway on the NHS with systems down nationwide."

He added: "My wife is a GP and their systems were just shut down and they were told it was because of a 'National hack of the computer health care system'."

Update

Payments appear to be being made to the Bitcoin addresses given in the NHS ransomware attack which in turn confirms that the same strain of malware has infected Telefnica Spain, Gareth Corfield reports.

There are at least two addresses visible in screenshots of the malware reported by British sources.

One of those addresses, 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn, is visible in BBC tech editor Rory Cellan-Jones' tweet of a London GP's view of the malware:

Here's what a London GP sees when trying to connect to the NHS network pic.twitter.com/lV8zXarAXS

Rory Cellan-Jones (@ruskin147) May 12, 2017

The same address is visible in BleepingComputer's screenshot of the malware in its report about an earlier infection of Telefnica Spain with malware.

A payment of 0.15 Bitcoin worth roughly $266 dollars at the time of writing was made to that address two hours ago, as the Blockchain tracker shows. It is not possible to say who paid this amount. The NHS attackers are asking for $300 worth of Bitcoin in ransom payments.

NHS Digital response

NHS Digital confirmed a number of organisations have reported they have suffered a ransomware attack which is affecting a number of different organisations.

It said: "The investigation is at an early stage but we believe the malware variant is Wanna Decryptor. At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this. NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations. This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

Share on: