Hospitals across Britain have reportedly been hit by a large-scale cyberattack. Some are having to divert emergency patients, with doctors reporting messages demanding money.
National Health Service (NHS) hospitals across the country appear to have been simultaneously hit by a bug in their IT systems. Doctors have been posting on Twitter about what has been happening.
A screengrab of an instant message conversation circulated by one doctor says: “So our hospital is down … We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone.”
A second doctor tweeted: “Massive NHS hack cyber attack today. Hospital in shut down. Thanks for delaying emergency patient care & endangering lives. Assholes.”
East and North Hertfordshire NHS Trust, one of those affected, said in a statement: “Today, the trust has experienced a major IT problem, believed to be caused by a cyber attack.
“Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust’s telephone system is not able to accept incoming calls.
“The trust is postponing all non-urgent activity for today and is asking people not to come to A&E.”
Blackpool Hospitals, also affected, tweeted: “Our computer systems are experiencing problems and we are working hard on a solution. We will update you as soon as possible.”
An NHS source told the Evening Standard the attack “seems to be growing” with more incidents of hospitals across Britain facing IT problems being reported. Sky News reported that sources inside the department of health had described the attack as “unexpected, but not unprecedented.”
According to reports, affected hospitals include those run by East and North Hertfordshire NHS trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust.
Services affected are thought to include picture archiving communication systems for x-ray images, pathology test results, phone and bleep systems and patient administration systems, the Telegraph reports.
“At approximately 12:30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down,” an NHS IT worker said in a message to a Guardian reporter.
“A bitcoin pop-up message had been introduced onto the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen.
“This followed with an internal major incident being declared and advised all staff to shut down all PCs in the trust and await further instructions.”
There are reports of messages on computers saying: “Oops. Your files have been encrypted,” and demands for bitcoin to be paid.
The hack appears to be an example of ransomware, where malicious hackers break into computers and only allow their owners back in when they pay enough money.
The attackers are allegedly demanding $300-worth of the digital currency bitcoin, which equates to around £415,000, otherwise the files will be deleted. It gives a deadline of May 19 to pay.
A screenshot obtained by the Health Service Journal (HSJ) purported to show the pop-up that appeared on at least one of the computers affected.
It said: “Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time.
“Nobody can recover your files without our decryption service.”
On Friday, Spain’s government warned that large numbers of companies had been attacked by cyber criminals who infected computers with the same ransomware used on the NHS.
The victims included Telefonica, the nation’s biggest telecommunications firm.