NHS Cyber Attack: What’s Actually Happened?

Thomas Wellburn
May 12, 2017

The NHS has suffered a significant cyber attack which has effected a large portion of the trust and seems to be spreading.

The hack has lead to significant breakdown within the NHS, causing some hospitals to divert patients in need of emergency care. The NHS Liverpool clinical commissioning group is advising all patients to only contact the GP surgery or hospital in the event of a genuine emergency.

Several hospitals are reported to have been affected by the hack, including those run by East and North Hertfordshire NHS trust, Barts Health in London, Essex Partnership university NHS trusts, the university hospitals of Morecambe Bay NHS foundation trust, Southport and Ormskirk hospital NHS trust and Blackpool teaching hospital NHS foundation trust.

The NHS uses a national computer system connected via an Intranet service, meaning the hack could quite possibly effect all hospitals within the NHS trust. If users try and log into the intranet service, it would likely download the virus locally and infect the machines at the hospital. Currently, the NHS is advising all staff to immediately shut down all PCs within the trust and await further instructions. This essentially means that the entire NHS system is down and hospitals are unable to accept incoming calls or view patient medical records.

The hack is confirmed as WCry 2.0 Ransomware, a rather nasty and dangerous form. It’s known to only effect computers running Windows XP, which the NHS currently uses as its operating system of choice. Version 1.0 was first discovered by Malwarebytes anti-malware on February 10th by security researcher Karsten Hahn. Version 2.0 sprung up a few hours ago and has already spread to companies including Telefonica, who suffered a similar Ransomware attack today. ID-Ransomware, a service that helps users identify malware infections, says that the malware is now present in computers spanning The United Kingdom, Spain, Taiwan, Russia, Turkey, Kazakhstan, Indonesia, Vietnam, Japan, Germany, Ukraine and the Philippines.

Pictures on social media show doctors presented with a warning screen demanding Bitcoin currency. One image posted shortly before 4PM shows the amount at $300. This is followed by a message saying the price will rise with time and if it remains unpaid, all files will be permanently deleted. The FBI has previously said that due to the encryption used in sophisticated ransomware hacks, it is often cheaper to pay the money rather than attempt to crack it.

The latest attack comes only months after Barts Health Trust, the largest NHS trust in England, was hit by a similar ransomware cyber attack. The trust did not pay the ransom, however the issue caused a cancellation of over 2,800 appointments.

About the Author

Share this article