NHS Suffers Cyber Attack Affecting Hospitals' Emergency Care


The attack appeared to exploit a vulnerability purportedly identified for use by the U.S. National Security Agency and later leaked to the internet.

NHS England confirmed hospitals across the country appeared to have been simultaneously hit and it had activated a "major incident plan".

The Cumbria Partnership Foundation NHS Trust, which runs 60 community and mental health services across the county, also confirmed on Twitter it had been affected, but again said their services were working as normal.

Hospitals in areas across Britain found themselves without access to their computers or phone systems.

NHS Barts Health, which operates four major hospitals in London, including The Royal London, issued a statement indicating it was canceling routine appointments, diverting ambulances to other hospitals and requested the public "use other NHS services whenever possible".

A GPs' practice with surgeries in south Lincolnshire and across the border in Cambridgeshire was also hit, with many patients having to be sent home.

Most of the affected hospitals were in England, but several facilities in Scotland also reported being hit. Telecoms firm Telefonica was one of those reporting problems. The hospital said patient safety is not being compromised, but warned people to expect some delays.

According to cybersecurity firm Kaspersky, it's reached at least 74 countries, attacking all sorts of institutions.

NHS Digital, which oversees United Kingdom hospital cyber security, says the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom. It is available in at least 28 languages, including Bulgarian and Vietnamese, according to Avast, a Czech security company that is following the fast-moving attack. The committee denied the reports.

Russia's Interior Ministry says it has come under cyberattack.

In the U.S., FedEx reported that its Windows computers were "experiencing interference" from malware, but wouldn't say if it had been hit by ransomware. In many cases, the senior official said, the attacks have been successful because they are against pirated or unauthorized copies of Microsoft Windows, which can not be easily patched to fix the vulnerability. In February 2016, a Los Angeles hospital, the Hollywood Presbyterian Medical Center, paid $17,000 in Bitcoin to hackers who took control of its computers for more than a week.

Spain, meanwhile, took steps to protect critical infrastructure in response to the attack.

"These attacks underscore the fact that vulnerabilities will be exploited not just by our security agencies, but by hackers and criminals around the world", said Patrick Toomey, a staff attorney at the American Civil Liberties Union's National Security Project.

Telefónica seems to be the first company affected, after it told employees today to stop working and shut down their computers, according to Spanish newspaper El Mundo.

As not all ransomware provides this timer countdown, said the team, the WannaCry attack shows computer users that "payment will be raised" after a specific countdown, along with another display raising urgency to pay up, threatening that the user will completely lose their files after the set timeout.

Less was known about the scope of the attacks in Spain and Portugal, which affected companies like Telefónica.

Forcepoint said in a statement that the attack had "global scope", affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico.

Computers were infected with what is known as "ransomware" - software that freezes up a machine and flashes a message demanding payment to release the user's data.

The attack by the ransomware, dubbed "WannaCry", is initiated through an SMBv2 remote code execution in Microsoft Windows.

WannaCry is a form of ransomware that locks up the files on your computer and encrypts them in a way that you can not access them anymore.