Major global cyber-attack hits NHS and delays treatmentBMJ 2017; 357 doi: https://doi.org/10.1136/bmj.j2357 (Published 15 May 2017) Cite this as: BMJ 2017;357:j2357
- Adrian O’Dowd
An unprecedented level of disruption hit the NHS in England and Scotland at the weekend after a “ransomware” cyber-attack that paralysed NHS information technology systems across dozens of organisations.
Operations were postponed, appointments were cancelled, and staff were asked to work over the weekend, as trusts put emergency plans into action to deal with the problem, which also affected many different organisations, including FedEx, Renault, and Germany’s railways, in around 150 countries, attacking around 200 000 computers.
On 12 May the virus started to cripple NHS computers. This particular virus, called WannaCry, is a type of computer malware that encrypts data, locks out the user, and demands a ransom from the user before releasing the data.
In England 48 trusts have experienced problems at hospitals, with GP surgeries and pharmacies also affected, and 13 NHS organisations in Scotland. Wales and Northern Ireland seem to have been unaffected so far.
In a statement NHS Digital, the body responsible for ensuring that organisations meet information and security standards, said that there was no evidence that patients’ data had been accessed.
Most NHS organisations were running up to date IT systems, but a small proportion, around 5%, were still in the process of upgrading their devices from older operating systems such as Windows XP, said NHS Digital.
It is thought that the continued use of the Windows XP platform had made the NHS vulnerable to ransomware attack. On Sunday 14 May Microsoft announced that it would be taking the “highly unusual” step of providing a security update for customers using older Windows platforms, including XP. Also on Sunday the UK National Cyber Security Centre said that it knew of no sustained new attacks of …