NHS Cyber Attack: What You Need To Know

Last Friday, you will have heard about the NHS cyber attack: one in five NHS trusts was hit by a ‘ransomware’ cyber attack – a type of malware that locks computer files and then demands payment in exchange for unlocking the data.

The attack used malware called ‘WannaCryptor’ or ‘WannaCry’ to exploit a vulnerability in Windows XP, which many NHS systems use despite previous concerns.

By Monday, most NHS systems appeared to be operating as normal, although NHS Digital reported that seven of the 47 trusts hit by the attack are still seeking emergency support.

How has the cyber attack affected the NHS?

Last Friday, NHS staff were locked out of their computers, disrupting thousands of patients across the UK as appointments and operations were forced to be cancelled.

Files saved on the computers, like patient notes and appointment details, were impossible to access or retrieve without paying a ransom of $300 (£230) in Bitcoin.

Mike Viscuso, chief technology officer of security firm Carbon Black, said that, “The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences […] this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked.”

Why was the NHS vulnerable to attack?

Cyber experts have suggested that NHS trusts were vulnerable as they were using old IT systems – Kingsley Manning, the former chairman of NHS Digital, told the BBC on Saturday that several hundred thousand computers were still running on Windows XP – an 18-year-old operating system.

In March, Microsoft provided free security software to protect computers, which many trusts failed to implement, leaving them vulnerable to attack.

The NHS cyber attack has also sparked political debate over NHS spending, with Labour and the Liberal Democrats claiming that the NHS’s vulnerability was due to the government’s failure to upgrade hospital IT systems.

It’s been reported that the Conservatives cut cybersecurity spending a year ago, deciding not to extend a £5.5m support deal with Microsoft, despite concerns being repeatedly raised about the IT system’s vulnerability.

Liberal Democrat home affairs spokesperson Brian Craddick said, “We need to get to the bottom of why the government thought cyber-attacks were not a risk, when a combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cybersecurity.”

NHS Cyber Attack Timeline:

Friday 12th May

• One in five NHS trusts hit by the cyber attack.
• More than 200,000 computers in 150 countries hit by the attack.

Saturday 13th May

• A cybersecurity researcher, tweeting as @MalwareTech, found and accidentally activated a ‘kill switch’ in the malware code.
• He warned users to update their systems, stating that, “This is not over. The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

Sunday 14th May

• Patients are urged to avoid GPs on Monday as a result of the NHS cyber attack.
• Dr Helen Stokes-Lampard, chairman of the Royal College of GPs, said the attacks have had an “extensive impact” on GP practices, adding that, “The concern is that on Monday morning the appointment system may not be working, some places may not be able to access routine results, even the phone lines in some cases may not be working.”
• In the afternoon, several hospitals, including Barts, were forced to turn patients away from A&E while they battled the attack.

Monday 15th May

• Seven of the 47 NHS trusts affected are still battling the attack – including Barts, which is continuing to turn patients away and is experiencing ‘significant delays’.
• Patients are being warned of slow service at surgeries.
• Health Secretary Jeremy Hunt has refused to answer any questions on whether or not he was warned about NHS IT security.

Tuesday 16th May 

• Patients are no longer being diverted from A&E units
• National incident director Dr Anne Rainsberry said: “Patients are no longer being diverted away from hospital accident and emergency units and, while there is still some disruption in a small number of areas, most patients are being treated as normal.”