NHS trust hit by cyber attack cancels operations and asks patients not to come to hospital 'unless it is essential'

Scotland’s third-largest NHS trust is appealing for patients not to attend hospital unless it is “essential” amid an ongoing cyber attack.

Operations and appointments have been cancelled by NHS Lanarkshire and people are being warned they could be turned away, but a spokesperson insisted there were “no concerns around emergency treatments”.

It is the second time the trust has been affected by malware within months, having been one of the worst-affected trusts during the global WannaCry ransomware attack in May.

Officials did not confirm the type of virus affecting systems but announced IT difficulties affecting hospitals and GP practices starting on Friday afternoon.

"We have detected some incidences of malware,” chief executive Calum Campbell said.

"We took immediate action to prevent this spreading while we carried out further investigations.

"We are now putting in place a solution from our IT security provider.

"While the issue is being resolved our staff have been working hard to minimise the impact on patients and we apologise to anyone who has been affected."

The trust is responsible for the care of more than 650,000 people living in North and South Lanarkshire in Scotland, running three general hospitals and numerous GP surgeries, dentists, pharmacists and other services.

As of Saturday morning, the trust described the entire IT system as “down” and put out an emergency phone number for staff to use over the bank holiday weekend.

Dr Jane Burns, medical director for NHS Lanarkshire’s acute division, asked patients not to attend hospitals “unless it is essential”.

"If you do turn up at A&E and do not require emergency care you may be sent away from the department or you may experience a lengthy wait,” she added.

"Emergency care will still be provided for those who do require to be seen."

The health board's estate includes Hairmyres Hospital in East Kilbride, Monklands Hospital in Airdrie and Wishaw General Hospital.

Staff unable to use email systems or access appointments have been directing the public to the NHS Lanarkshire Facebook page for further information

The cyber attack appears to be more isolated than the global WannaCry attack in May, which hit NHS trusts across the UK and sparked urgent reviews of outdated systems, protections and staff training after equipment was disabled, patients turned away and ambulances diverted.

WannaCry, which affected more than 150 countries, spread through outdated Microsoft Windows software and caused automated messages appear on thousands of computers telling users their data had been encrypted and would be released in exchange for a Bitcoin payment.

The unprecedented cyber attack is not believed to have directly targeted the NHS, but Britain’s health service has previously been hit by viruses and The Independent revealed that Isis-linked hackers compromised some NHS websites last year.

Ben Gummer, the former cabinet office minister who lost his seat in May, warned at the time that “large quantities of sensitive data” held by the NHS was a target.

“No longer the stuff of spy thrillers and action movies, cyber attacks are a reality and they are happening now,” he said in October.

“Our adversaries are varied: organised criminal groups, ‘hactivists’, untrained teenagers and foreign states.

“Attacks can cause economic damage, erode public trust in online services and by enabling fraud do real harm to individuals, their property and their privacy.”

Analysts have sounded intensifying warnings over the threat posed by cyber attacks targeting critical infrastructure, like public health, electricity, water supplies, telecommunications, banking and transport.

Irish energy networks were targeted by hackers in a “spear phishing” attack last month, while the Houses of Parliament in Westminster and Scottish Parliament have also been hit.

A recent report by the Royal United Services Institute (RUSI) warned of the growing threat of cyber attacks and threats to the West’s use of satellites in space.

Enemies could take out military and civilian communications and navigation systems, the report said, or target the UK’s economy and crucial IT infrastructure causing chaos and panic, it said.

“In any major future conflict, an important part of the battle will be threats to the UK’s critical national infrastructure from hostile cyber operations,” RUSI’s report concluded.

“The cyber threat spectrum is not only relevant to defence but to government as a whole, especially to critical national infrastructure and the broader economy.”