British hospitals hit by ransomware attack

LONDON, UK – Hospitals across the U.K. diverted ambulances and cancelled appointments earlier this month after their computers and phones were disrupted by a cyberattack. The attack has affected at least 16 organizations within the U.K.’s state-run National Health Service, according to an NHS statement.

NHS sites appear to have been hit across the country simultaneously, according to a report in the Guardian. The newspaper said users had been locked out of affected computers, on which pop-up messages were demanding a ransom payment in exchange for regaining access.

NHS described the incident as a “ransomware” attack, adding that the malware appeared to be the variant known as Wanna Decryptor, but did not provide further details. No patient data appears to have been accessed, the NHS said.

A photo tweeted under the hashtag #nhscyberattack appeared to show one of the affected computers. A message on the screen said the files on the computer had been encrypted. It demanded a payment of $300 in bitcoins within three days.

“After that the price will be doubled,” the message read.

Cyber experts said the NHS appeared susceptible to attack because many trusts were using obsolete systems, while others have failed to apply recent security updates which would have protected them.

This week it was suggested that 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system. Security experts said that computers using operating software introduced before 2007 were particularly vulnerable, leaving many NHS systems at risk.

Britain’s National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate.

A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems.

Hospitals have been hurt by ransomware attacks before, including a Los Angeles-area facility that paid some $17,000 US to hackers to regain control of its network. The Ottawa Hospital and Norfolk General Hospital in Simcoe, Ont., suffered ransomware attacks last year. (The Ottawa Hospital hospitals did not shut down services, as it had extensive backups. The attack on the Norfolk General Hospital affected only its public website.)

The NHS said it had not been specifically targeted and, within hours, the problem appeared to have spread beyond British hospitals.

Spain’s government said Friday a large number of Spanish companies had been attacked by cyber criminals who had also infected computers with ransomware, though it was not immediately clear if the attacks were linked.

In response to the “massive infection” of both personal and corporate computers, Spain said it had activated a special protocol to protect its critical infrastructure – including energy, transportation, telecommunications and financial services.

The Ministry of Energy, Tourism and Digital Agenda said the attack affected the Windows operating system of employees’ computers in several companies. It described the culprit as a version of the WannaCry ransomware.

The telecommunications giant Telefonica was among the companies hit.

Portugal Telecom was also hit by a cyberattack but no services were affected, a spokesperson for the company said.