NHS computers down after suspected cyber attack - avoid hospitals and walk-in centres 'unless absolutely necessary'

Computers have been shut down across the country after NHS computers were hit by a cyber attack, plunging the health service into chaos.

Friday, 12th May 2017, 4:52 pm
Updated Monday, 15th May 2017, 9:34 am

A virus targeted the health service network, including on the Fylde coast, this afternoon and has since spread across the country.

Tech experts are now battling to fix the problem, but computers at walk-in centres, hospitals, and at GP surgeries have been taken offline, along with some telephone services.

Patients have now been urged to avoid them all 'unless absolutely necessary', and should instead call 111 for triage and medical advice.

Sign up to our public interest bulletins - get the latest news on the Coronavirus

Sign up to our public interest bulletins - get the latest news on the Coronavirus

A screenshot of the demand purportedly appearing on NHS computers across the country (Pic: Health Service Journal)

GP and hospital appointments already arranged for this afternoon are still being held, it is understood, but new appointments cannot be made.

Medical notes will be taken using pen and paper until IT systems are brought back online, it is understood.

A spokesman for NHS Digital said: "A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.

"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

A screenshot of the demand purportedly appearing on NHS computers across the country (Pic: Health Service Journal)

"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.

"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

Sixteen NHS organisations have reported being affected, it added, but it said it was not naming them at this stage.

A spokeswoman for Blackpool Victoria Hospital, which has been affected, pleaded for patients in the resort to only attend A&E in life-threatening emergencies, and asked for patience in other departments, which are running slower than usual.

Both the Royal Preston Hospital, where systems were reportedly down, and Royal Lancaster Infirmary have been contacted for comment.

Lancashire Care, which provides mental health services, declined to comment.

Dr Naughton, from The Thornton Practice, said: "This is a problem that is affecting the whole of Lancashire.

"Patients are still being seen and practices are open for business, but patients need to be aware that, because we can't see their records or medicines history, if their problem can wait until the system is back online, please do so."

"We are aware of an IT issue affecting some NHS computers systems," Blackpool CCG and Fylde and Wyre added.

"Patients are asked for understanding whilst the issue is resolved.

"Please avoid contacting your GP practice unless absolutely necessary. Should you wish to obtain non-urgent medical advice please call 111.

"Please only attend the Whitegate Drive Walk-In Centre, Fleetwood Same Day Health Centre, and Blackpool Victoria Hospital's A&E department if absolutely necessary.

"Your local pharmacy can also provide free and fast advice for non-urgent conditions."

The 'majority' of GP surgeries in Blackpool, Fylde, and Wyre, have been affected, they added.

Ransomware installs itself covertly on devices and then holds information hostage until a ransom is paid.

A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.

It said: "Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service."

It goes on to demand $300 of the digital currency bitcoin, otherwise the files will be deleted.

It gives a deadline of next Friday afternoon to pay.

Wanna Decryptor is believed to be the same virus that has hit Telefonica and several other large organisations in Spain today.

The HSJ said services affected were thought include archiving systems for x-rays, pathology test results, phone and bleep systems, and patient admin systems.

Speaking on the condition of anonymity, one hospital IT worker said he believed between 25 and 30 trusts have been affected.

"User shared drive access is down," he added. "Emails slowly going. Non-essential PCs are being shut down and waiting times are estimated to increase.

"There's nothing we can do except sit back and watch it collapse. The ransom message is exactly the same here, but with different bitcoin links, which is standard.

"It's a goodbye to the IT systems."

Coun Derek Robertson, who represents Waterloo ward on Blackpool Council, was told he could not be discharged from Blackpool Victoria Hospital due to the IT breakdown.

He said: "At 3pm the doctor cleared me to leave, but then the cyber attack happened and it means I can't be discharged because I can't get the discharge papers or prescription medicines I need.

"I've been in hospital since Sunday, and I'm ready to go home but there is nothing they can do. I don't know when I'll be discharged.

"Other patients are affected as well, and we're just being told no-one knows when we can go home."

Coun Robertson had an operation after suffering a serious infection in his arm.

Security chiefs and ministers have repeatedly highlighted the threat to Britain's critical infrastructure and economy from cyber attacks.

Last year, the government established the NCSC to spearhead the country's defences.

In the three months after the centre was launched there were 188 'high-level' attacks as well as countless lower-level incidents.

Chancellor Philip Hammond disclosed in February that the NCSC had blocked 34,550 potential attacks targeting UK government departments and members of the public in six months.

The National Cyber Security Centre said it was aware of a 'cyber incident' and was working with NHS Digital and the National Crime Agency to investigate.