A number of trusts that make up the UK’s national health service (NHS) have been hit by a cyber attack demanding payment in order to unlock now ‘encrypted’ medical records and information, it was reported on Friday.
An official statement published to the NHS website tonight, reads as follows:
A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack. The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.
This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.
“At this stage we do not have any evidence that patient data has been accessed,” the service explains.
NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.
“Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available,” it adds.
While it is not yet clear exactly how the malware or ransomware made it onto the NHS network, The Guardian reports that, as a result of the attack, “details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible,” as it also shares an image of the reported software which has infiltrated the health service’s systems.
The BBC has more:
“The BBC understands up to 25 NHS organisations and some GP practices have been affected. Ambulances have been diverted and there has been disruption at some GP surgeries as a result of the attack.”
Our emergency surgeries are running doors open, we can access our software but ransomware window pops up every 20-30 seconds so we are slow
— gigi.h (@fendifille) 12 May 2017
The ransomware allegedly shown by a screenshot that surfaced on Twitter (above) cites that the health service’s files will be “lost” on 5/19/2017 at 12:36:07 – local time, if the requested bitcoin payment is not made.
Although the initial screenshot provided by @fendifille shows a ransom payment of $300 equivalent to be transferred in bitcoin, it would appear from other conversations on Twitter between system administrators that the attackers may be using different bitcoin wallets per trust/computer.
— Ben Parker (@BenParker140) 12 May 2017