PM: Patient records ‘not compromised’ in NHS cyber attack

Theresa May said the Government is not aware of any evidence that patient records have been compromised in the massive cyber attack on the NHS.

The Prime Minister said the ransomware hit was “not targeted” at the health service but was part of a wider assault on organisations across a number of countries.

Mrs May said: “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected.

“The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organisations concerned and that they protect patient safety. And, we are not aware of any evidence that patient data has been compromised.

“Of course it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected.”

Hospitals and GP surgeries in England and Scotland were among at least 16 health service organisations hit by a ransomware attack, using malware called Wanna Decryptor – with reports potentially dozens more were affected.

Staff were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.

Pictures posted on social media showed screens of NHS computers with images demanding payment of 300 US dollars worth of the online currency Bitcoin, threatening to delete files within seven days.

The attack came as several companies in Spain were hit by ransomware attacks. Telecoms firm Telefonica was one of those reporting problems.

Global couriering company FedEx said it had also been infected by the ransomware.

English hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire were among those to report problems.

In Scotland, NHS Greater Glasgow and Clyde, NHS Dumfries and Galloway and NHS Forth Valley said some of their GP surgeries have been caught up in the incident. NHS Lanarkshire and NHS Western Isles also confirmed they have been affected. First Minister Nicola Sturgeon is to chair a resilience meeting on the issue.

At the Royal London Hospital operations were cancelled and staff were ordered not to touch their computers.

Wanna Decryptor is a piece of malicious software that encrypts files on a user’s computer, blocking them from view and threatening to delete them unless a payment is made.

The virus is usually covertly installed on to computers by being hidden within innocent-looking emails containing links, which users are tricked into opening.

Security chiefs and ministers have repeatedly highlighted the threat to Britain’s critical infrastructure and economy from cyber attacks. Last year the Government established the NCSC to spearhead the country’s defences.

In the three months after the centre was launched there were 188 “high-level” attacks as well as countless lower-level incidents.

Dr Anne Rainsberry, NHS Incident Director, said: “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need. More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing.”

It is understood that several health trusts turned their computer systems off as a precautionary measure, rather than being shut down by the attack. This has led to speculation that the total number of organisations crippled by the ransomware is not as high as some figures reported.

One health trust is believed to have been included among those hit by the malicious software – despite it actually suffering from a separate IT malfunction.