UPDATED: NHS hit by huge cyber attack - avoid A&E and walk-in centres 'unless absolutely necessary'

editorial image
Share this article

Computers have been shut down across the country after NHS computers were hit by a cyber attack, plunging the health service into chaos.

A virus targeted the health service network, including on the Fylde coast, this afternoon and has since spread across the country.

A screenshot of the demand purportedly appearing on NHS computers across the country (Pic: Health Service Journal)

A screenshot of the demand purportedly appearing on NHS computers across the country (Pic: Health Service Journal)

Prime Minister Theresa May said it came as part of a wider international attack.

Tech experts are now battling to fix the problem, which the NHS has declared a 'major incident', and computers at walk-in centres, hospitals, and at GP surgeries have been taken offline, along with some telephone services.

Patients have now been urged to avoid them all 'unless absolutely necessary', and should instead call 111 for triage and medical advice.

GP and hospital appointments already arranged for this afternoon were still being held, it is understood, but new appointments cannot be made.

Medical notes will be taken using pen and paper until IT systems are brought back online, it is understood.

A spokesman for NHS Digital, which is responsible for cyber security in the health service, said: "A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.

"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

Sixteen NHS organisations were initially thought to have been affected, though some reports have suggested the problem is more widespread.

A spokeswoman for Blackpool Victoria Hospital, which has been impacted, pleaded for patients in the resort to only attend A&E in life-threatening emergencies, and asked for patience in other departments, which are running slower than usual.

Patients should attend weekend appointments there unless told otherwise.

Lancashire Teaching Hospitals Trust, which runs Chorley and Preston hospitals, said outpatient appointments and all planned procedures over the weekend are cancelled unless patients are contacted and told otherwise.

"Please only go to the emergency department or urgent care centre at Chorley and Preston if it is absolutely necessary," it said in a statement.

Morecambe Bay NHS Trust, which runs the Royal Lancaster Infirmary, tweeted: "We apologise but we are having issues with our computer systems.

"Please do not attend A&E unless it's an emergency. Thank you."

Lancashire Care, which provides mental health services across the county, declined to comment.

Dr Naughton, also a GP at The Thornton Practice, said earlier: "This is a problem that is affecting the whole of Lancashire.

"Patients are still being seen and practices are open for business, but patients need to be aware that, because we can't see their records or medicines history, if their problem can wait until the system is back online, please do so."

In a joint statement, Blackpool CCG and Fylde and Wyre CCG added: "There is an ongoing IT issue affecting NHS computer systems across Blackpool, Fylde and Wyre.

"NHS services are open and operating as normal. However, we ask local people for their understanding and encourage the appropriate use of these services.

"Please only visit the A&E department at Blackpool Victoria Hospital in urgent and emergency situations.

"The Walk-In Centre on Whitegate Drive, and Same Day Health Centre in Fleetwood will treat urgent but non life-threatening illnesses and injuries as normal.

"If you need medical advice for a non-urgent condition over the weekend, the NHS 111 helpline can provide fast and free advice.

"Your local pharmacy can also advise of treatment for minor ailments.

"We thank people for their understanding and co-operation."

The 'majority' of GP surgeries in Blackpool, Fylde, and Wyre, have been affected, they added.

Ransomware installs itself covertly on devices and then holds information hostage until a ransom is paid.

A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.

It said: "Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service."

It goes on to demand $300 of the digital currency bitcoin, otherwise the files will be deleted.

It gives a deadline of next Friday afternoon to pay.

Wanna Decryptor is believed to be the same virus that has hit Telefonica and several other large organisations in Spain today.

The HSJ said services affected were thought to include archiving systems for x-rays, pathology test results, phone and bleep systems, and patient admin systems.

Speaking on the condition of anonymity, one hospital IT worker told The Gazette he believed between 25 and 30 trusts have been affected.

He said: "User shared drive access is down. Emails slowly going.

"Non-essential PCs are being shut down and waiting times are estimated to increase.

"There's nothing we can do except sit back and watch it collapse. The ransom message is exactly the same here, but with different bitcoin links, which is standard.

"It's a goodbye to the IT systems."

Coun Derek Robertson, who represents Waterloo ward on Blackpool Council, was told he could not be discharged from Blackpool Victoria Hospital due to the IT breakdown.

He said: "At 3pm the doctor cleared me to leave, but then the cyber attack happened and it means I can't be discharged because I can't get the discharge papers or prescription medicines I need.

"I've been in hospital since Sunday, and I'm ready to go home but there is nothing they can do. I don't know when I'll be discharged.

"Other patients are affected as well, and we're just being told no-one knows when we can go home."

Coun Robertson had an operation after suffering a serious infection in his arm.

Security chiefs and ministers have repeatedly highlighted the threat to Britain's critical infrastructure and economy from cyber attacks.

Last year, the government established the National Cyber Security Centre (NCSC) to spearhead the country's defences.

In the three months after the centre was launched there were 188 'high-level' attacks as well as countless lower-level incidents.

Chancellor Philip Hammond disclosed in February that the NCSC had blocked 34,550 potential attacks targeting UK government departments and members of the public in six months.

The National Cyber Security Centre said it was aware of a 'cyber incident' and was working with NHS Digital and the National Crime Agency to investigate.

In December, Blackpool Teaching Hospitals NHS Foundation Trust said it had not suffered any cyber attacks since at least 2012.

In response to request under the Freedom of Information Act, it declined to say how much it had spent on security because 'disclosure of this information may have the potential to allow criminals to hack into the systems, to cause systems to fail or to enable/disable access to the information stored within them, and therefore hinder the trusts ability to take preventative measures to prevent crime and keep the information secure'.

Mrs May said: "We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.

"This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected.

"The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety.

"And, we are not aware of any evidence that patient data has been compromised.

"Of course it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected."

Dr Anne Rainsberry, NHS Incident Director, added: "We'd like to reassure patients that if they need the NHS and it's an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need.

"More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing.

"NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business."