The National Health Service (NHS) has been hit by an unprecedented, large-scale cyber-attack.
Many hospitals have been forced to divert and even cancel non-emergency procedures, and doctors and others are reporting messages demanding money in exchange for access to computer files.
The hack is being described as a so-called “ransomware” attack, and a similar attack happened recently in Spain. It is thought to have originated from a virus delivered in an e-mail.
NHS England said it was aware of the problem and would release more details soon.
The NHS has already come under fire for allegedly not preparing sufficiently for such an attack or spending enough money on cyber security. The attack could have political ramifications.
There is no evidence at this time that patient data has been accessed, and other organisations apart from the NHS could have been hit.
In a message to a Guardian reporter, one NHS IT worker said: “At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down.
“A bitcoin virus pop-up message had been introduced on to the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen. This followed with an internal major incident being declared and advised all trust staff to shut down all PCs in the trust and await further instructions.
“This is affecting the east of England and number of other trusts. This is the largest outage of this nature I’ve seen in the six years I’ve been employed with the NHS.”
Amongst those affected is the East and North Hertfordshire NHS Trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust, and Blackpool teaching hospital NHS foundation trust.
East and North Hertfordshire NHS trust said in a statement: “Today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by a cyber attack.
“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.
“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E – please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.
“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need.”
More follows…