Data and securityCyber SecurityMajor incident declared after NHS cyber attack (Updated 15/05)

Major incident declared after NHS cyber attack (Updated 15/05)

Attack on the NHS seems to be part of a global ransomware campaign that has attacked a number of organisations around the world

The NHS has declared a major incident after a cyber attack on a number of hospital and GP surgeries across England.

The attack means staff cannot access patient data, which has been scrambled by ransomware. There is no evidence patient data has been compromised, NHS Digital has said.

NHS England said there was a “complex emerging picture”, amid concerns over thousands of computers being switched back on after the weekend.

Seven trusts out of 47 that were hit are still facing serious issues, but patients have been told to turn up for appointments, unless advised otherwise.

The latest statement issued by NHS Digital reads:

We are continuing to work around the clock to support NHS organisations that have reported any issue due to yesterday’s cyber-attack.

We have received no reports of patient data being compromised.

We are not publishing a list of those we are assisting at this stage; given the situation is changing and impacting organisations in a range of different ways. For instance we are aware some bodies, which range from practices to trusts, may have suspended selected systems purely as a precautionary measure.

We are aware of widespread speculation about the use of Microsoft Windows XP by NHS organisations, who commission IT systems locally depending on population need.

While the vast majority are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7 per cent, with this figure continuing to decrease.

This may be because some expensive hardware (such as MRI scanners) cannot be updated immediately, and in such instances organisations will take steps to mitigate any risk, such as by isolating the device from the main network.

Our focus remains on assisting organisations, working closely with the National Cyber Security Centre, the Department of Health, NHS England and NHS Improvement.

The attack on the NHS is part of a global ransomware campaign that has attacked a number of organisations around the world.

Guidance documentation for NHS organisations impacted by the cyber incident can be accessed here.

Related Articles

NCSC defends UK from more than 10 cyber attacks a week

Cyber Security NCSC defends UK from more than 10 cyber attacks a week

6d Austin Clark
GDS clarifies private sector access to GOV.UK Verify

Cyber Security GDS clarifies private sector access to GOV.UK Verify

1w Austin Clark
Is automation essential in the cyber security battle?

Cyber Security Is automation essential in the cyber security battle?

1m Austin Clark
Please mind the security gap between the premises and the cloud

Cloud Computing Please mind the security gap between the premises and the cloud

1m Guest Writer
NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

Cyber Security NHS trusts not discouraging WhatsApp, Facebook Messenger and other consumer apps

2m Austin Clark
Best form of defence: Is the Government's cyber strategy on the right track?

Cyber Security Best form of defence: Is the Government's cyber strategy on the right track?

2m Guest Writer
Making the cloud a safe space

Cloud Computing Making the cloud a safe space

2m Guest Writer
Leading cyberlaw academic calls for review of CCTV and AFR implementation

Cyber Security Leading cyberlaw academic calls for review of CCTV and AFR implementation

3m Austin Clark