NHS cyber attack: Hospitals warn patients to stay away from A&E as ransomware cripples systems

The NHS faces a weekend of chaos after an unprecedented cyber-attack forced hospitals to cancel and delay treatment for patients.

Thousands of patients across England and Scotland are stuck in limbo after A&E wards, GP surgeries and other vital services across the NHS were infected with a virus based on hacking tools developed by US cyber-warfare agents.

Non-emergency patients have been advised to use health facilities frugally, while those who are critically ill have had to be diverted to unaffected hospitals as computer systems failed in A&E units.

NHS trusts have requested new patients do not come to A&E, but instead to ring 111, or 999 in the case of an emergency.

“To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust’s hospitals continued to receive the care they need,“ a spokesperson for East and North Hertfordshire NHS trust said.

NHS Blackpool Clinical Commissioning Group tweeted: “We are aware of an IT issue affecting some GP computer systems. Patients are asked for understanding whilst the issue is resolved.

“Please avoid contacting your GP practice unless absolutely necessary. Should you wish to obtain non-urgent medical advice, please call 111. Please also only attend the Walk-In Centre and A&E department if absolutely necessary.”

Other trusts stressed that some of the problems were being caused by protective measures, rather than the cyber attack itself.

“Following a suspected national cyber attack we are taking all precautionary measures possible to protect our local NHS systems and services,” NHS Merseyside said on Twitter.

The attack plunged the NHS into chaos on Friday afternoon as patients across the UK had their appointments and operations cancelled and medical staff were locked out of test results, X-rays and patient records.

Doctors warned that the infiltration – said to be the largest cyber-attack in NHS history – could cost lives.

At least 30 health service organisations are said to have been infiltrated by the malicious software, while many others shut down servers as a precautionary measure, meaning all systems were offline and hospitals were unable to accept incoming calls. Staff had to carry out work with pen and paper and without access to any digital files.

Microsoft today took the “highly unusual” step of delivering a public patch for Windows XP, despite having officially ended its support for the 16-year-old operating system in 2014, after the attack exploited vulnerabilities within it.

The hack, which brings up a message telling users they can recover files but only if they send $300 in bitcoins to a specific address, appears to be an example of ransomware – criminals breaking into computers, taking sensitive files hostage and only allowing their owners to have access when they pay enough money.

The attack is said to have hit around 100 countries across the globe.

US firm FedEx announced on Friday night that its operations in the US were affected, while researchers with security software maker Avast said they had observed 57,000 infections in 99 countries with Russia, Ukraine and Taiwan the top targets.

In a statement posted on its blog, Microsoft said seeing the cyber-attack take hold was "painful".

"Seeing businesses and individuals affected by cyber attacks, such as the ones reported today, was painful. Microsoft worked throughout the day to ensure we understood the attack and were taking all possible actions to protect our customers," the statement read.

"We are taking the highly unusual step of providing a security update for all customers to protect Windows platforms that are in custom support only, including Windows XP, Windows 8, and Windows Server 2003. Customers running Windows 10 were not targeted by the attack."

The Government and NHS bosses are now facing growing questions over the attack amid suggestions preventative measures could have been taken “months ago”.

A former NHS Trust chairman told Sky News: "The NHS will have practised for this, but it's had an impact right the way across the NHS, and I think this took the wind out of the NHS' sails. IT plays such a huge role in modern healthcare at looking at past notes. It's so interconnected.

"Over time, Microsoft has held us to ransom, and of course the NHS hasn't got the money to pay for it. In 2014 when Windows stopped supporting, the NHS played £5m to have an extra year's support. There has not been enough investment over a long enough period in IT.

"The question for the politicians now is what are you going to do about IT in not only the NHS, but the public sector more widely."

Home Secretary Amber Rudd admitted files may have been lost, telling BBC Breakfast: “We will find out over the next few days if there are any holes in [the backing-up of files].

“There may be lessons to learn from this but the most important thing now is to disrupt the attack, let's come back to afterwards whether there are lessons to be learned.”

In a separate interview on the BBC's Today programme, Ms Rudd said: “Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can't download the effective patches and anti-virus software for defending against viruses.

”CQC (Care Quality Commission) does do cyber-checks on the NHS trusts, on hospitals when they do their visits, and they will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising."

Ms Rudd will chair a Cobra meeting in Whitehall today (Saturday) at 2.30pm.

Scotland's Health Secretary Shona Robison meanwhile said there was “a level of confidence” that GP systems would run as normal on Monday, and that any lessons from the cyber attack on NHS computer systems will be learned.

The NHS has been hit by such attacks before, but this was by far the worst, experts said, taking down an unprecedented number of trusts and hospitals.

The attack came soon after a report was published in the British Medical Journal in which neurologist Dr Krishna Chinthapalli warned hospitals that they were at risk of an attack.

“We should be prepared: more hospitals will almost certainly be shut down by ransomware this year,” he wrote.

He warned just hours before the hack broke out that IT departments needed to do more to keep hospitals safe, and that such hacks – which have already hit some hospitals in the US – were a problem waiting to happen.