NHS bosses and the government are facing questions over why hospitals had been left vulnerable to the global cyber attack that crippled services on Friday.
The health service faces a weekend of chaos after hackers demanding a ransom infiltrated the health service’s antiquated computer system.
Operations and appointments were cancelled and ambulances diverted as up to 40 hospital trusts became infected by a “ransomware” attack demanding payment to regain access to vital medical records.
Doctors warned that the infiltration – the largest cyber attack in NHS history – could cost lives.
Medics described how computer screens were “wiped out one by one” by the attack, which spread to companies and institutions worldwide, including international shipper FedEx Corp in the US, and Germany’s rail operator.
‘Biggest ransomware attack in history’
Researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.
Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history”.
The NHS said there was no evidence that patients’ medical records had been accessed, but it was unable to say whether the hackers – who are threatening to delete information unless payment is received within a week – had the ability to destroy such records.
Experts at GCHQ’s national cyber security centre were helping NHS teams fight the attack. The US Department of Homeland Security said late on Friday that it was aware of reports of the ransomware, was sharing information with domestic and foreign partners and was ready to lend technical support.
The attack has been declared a major incident, and has spread to Scotland, where crisis meetings were also being held last night.
A computer hacking group known as Shadow Brokers was at least partly responsible. It is claimed the group, which has links to Russia, stole US National Security Agency cyber tools designed to access Microsoft Windows systems, then dumped the technology on a publicly-accessible website where online criminals could access it – possibly in retaliation for America’s attack on Syria.
Questions over NHS vulnerability
Microsoft had provided free software to protect computers in March, raising questions about why the NHS was still vulnerable. Last night the technology giant said it was pushing out automatic Windows updates to defend clients from WannaCry.
Cyber experts said the health service appeared susceptible to attack because many trusts were using obsolete systems, while others have failed to apply recent security updates which would have protected them.
This week it was suggested that 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system. Security experts said that computers using operating software introduced before 2007 were particularly vulnerable, leaving many NHS systems at risk.
Others, using newer systems, may have failed to apply recent security updates, which would have protected them, experts said.
Shadow health secretary Jonathan Ashworth said the attack was “terrible news and a real worry for patients” and urged the Government to be “clear about what’s happened”.
Ross Anderson, professor of security engineering at Cambridge University’s computer lab, said the incident is the “sort of thing for which the secretary of state should get roasted in Parliament.
“If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?” Mr Anderson told The Guardian.
May: ‘This was international attack’
The ransomware attack was orchestrated using malware called Wanna Decryptor, also known as WannaCry, which demands each user affected pay $300 (£232) in the internet currency Bitcoin, to have files restored. Thousands of NHS computers have been affected so the ransom could potentially cost taxpayers millions.
The attack was described by Theresa May as “intentional”.
The Prime Minister said: “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.
“The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety. And, we are not aware of any evidence that patient data has been compromised.”
Intelligence sources said the attack appeared to have been carried out by criminals rather than a hostile state and the ransomware had rapidly spread through companies and organisations in Europe and the Middle East. Russia’s interior ministry said last night it had come under cyber attack.
Patients have operations cancelled
In the UK the only affected organisation appeared to be the NHS.
Patients awaiting heart surgery were among those who had operations cancelled, with doctors telling how staff were frantically ordering computers to be shut down. New parents were left stuck on wards with their newborns as administrative systems failed.
Doctors at dozens of trusts resorted to pen and paper, with no access to medical records that could alert them to medical histories or allergies. Handwritten signs in the entrance of the Royal London’s A&E read: “The emergency department has no IT facilities, there are significant delays occurring.”
NHS trusts are supposed to regularly back up their files.
But yesterday doctors and nurses were left treating patients without any access to their medical histories, with lost access to X-rays, blood tests and details such as allergies to medication.
It raises the possibility that recent changes to medical records – such as a cancer diagnosis, or the results of a blood test – could be lost, if hackers delete the files.
Hacking tool stolen from NSA
The mysterious Shadow Brokers claimed last month it had stolen a “cyber weapon” from the NSA that gives unprecedented access to all computers using Microsoft Windows. The hacking tool had been developed by the NSA, to gain access to computers used by terrorists and enemy states.
A screen shot circulated by medical staff showed that users were alerted to their system being compromised by a flashing warning on screen which reads: “What happened to my computer?” and states that many documents, photos, videos and databases and other files are no longer accessible.
Warning “nobody can recover your files without our decryption service” it then demands payments of $300 – stating that the price will be doubled in three days.
An NHS spokesman said: “At this stage we do not have any evidence that patient data has been accessed.”
Colchester A&E was among several yesterday urging the public to stay away, unless in the most severe need tweeting: “Our A&E is open for critical or life-threatening situations requiring medical attention, such as loss of consciousness, heavy blood loss.”
A ‘miracle if no one comes to harm’
At Lister Hospital in Stevenage, the telephone and computer system was fully disabled in an attempt to fend off the attack, with all non-urgent appointments and operations cancelled and patients told to keep away from A&E if at all possible.
The loss of computer systems meant doctors and nurses lost access to X-rays, blood test results and booking systems, rendering a normal day’s work impossible.
A worker at Colchester General Hospital described how her office’s computers were “wiped out, one by one”.
Dominic Marley, a hospital doctor in the Manchester area, said it would be a “miracle if no one comes to harm”.
Barts Health NHS Trust, which runs The Royal London, St Bartholomew’s, Whipps Cross and Newham hospitals in London, said it had implemented its major incident plan to cope with disruption.
Anthony Brett was about to have a stent put in his liver to treat his cancer when he was told the procedure could not happen. The 50-year-old from Bow, east London, said: “To do it to the NHS that does so much good for people, it’s just disgusting. They should be hung, drawn and quartered.”
Taiwan has been put on high alert after it was reportedly one of the top targets of the cyber attack that rocked the world on Friday, writes Nicola Smith.
While government departments and hospital systems had so far been spared the chaos that struck Britain’s NHS, there were fears the full impact of the attack may only emerge after the weekend.
Ross Feingold, a Taiwan-based political analyst who advises on Taiwan and Hong Kong political affairs, warned that full picture may not be known until Monday morning when officials returned to work.
“We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.”
The attack has left hospitals and GP surgeries with a backlog of postponed appointments to contend with, including operations, once the crisis is brought under control.’They will try again’
The attack was apparently halted in the afternoon in the UK when a researcher took control of an Internet domain that acted as a kill switch for the worm’s propagation, according to Ars Technica.
The researcher, who uses the Twitter name @MalwareTechBlog, said:
“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental. So long as the domain isn’t revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.”
US offers help to tackle crisis
The US Department of Homeland Security has said it is aware of reports of the ransomware. It says it is sharing information with domestic and foreign partners and was ready to lend technical support.
The global cyber attack renewed concerns about whether the NSA and other countries’ intelligence services too often hoard software vulnerabilities for offensive purposes, rather than quickly alerting technology companies to such flaws.
Patrick Toomey, a staff attorney with the American Civil Liberties Union, said in a statement:
“These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world.”
Source By telegraph……