UPDATED: Hospitals in UK National Health Service knocked offline by massive ransomware attack

The network was likely taken down by the Wanna Decryptor, one of the most effective ransomware variants for which there’s currently no decryptor available.
By Jessica Davis
12:56 PM

The National Health Service in England and Scotland was hit by a large ransomware attack that has affected at least 16 of its organizations, NHS Digital announced this morning.

The attackers are asking for 415,000 pounds, or about $534,146, before May 19 or the hackers will delete the files, according to MetroUK.

The attack has crippled the health system’s ability to treat patients, according to BBC News. Hospital staff are unable to access patient data. Further, ambulances are being diverted and patients are being warned to avoid some departments.

[Also: Wannacry timeline: How it happened and the industry response to ransomware attack]

Security firm Kaspersky Labs discovered more than 74 countries have been hit with this ransomware in the last 10 hours. The security team has confirmed attacks in Russia, Ukraine and India.

 

[Also: 75% of health orgs live below cybersecurity poverty line]

"We are aware that a number of NHS organizations have reported that they have suffered from a ransomware attack,” said UK Prime Minister Theresa May in a statement. “This is not targeted at the NHS, it's an international attack and a number of countries and organizations have been affected.”

"The National Cyber Security Centre is working closely with NHS digital to ensure that they support the organizations concerned and that they protect patient safety," she continued.

The organization launched an investigation and determined the ransomware is likely the Wanna Decrytor. It’s one of the most effective ransomware variants on the dark web, and at the moment, there is no decryptor available.

Officials said the attack didn’t specifically target the agency and that organizations from other sectors have been hit, as well.

“At this stage we do not have any evidence that patient data has been accessed,” officials said in a statement.

Spain said Friday that many companies, including the telecommunications giant Telefonica, were also dealing with ransomware attacks, according to Reuters. Portugal Telecom was also hit by a cyberattack that did not impact its services.

The ransomware campaign might be caused by leaked NSA hacking tools, according to Politico. The malware was included in the online dump by the hackers called Shadow Brokers, which they said were NSA tools.

“This seems to be a very large scale attack, with earlier reports of infections in Russia, Ukraine, Taiwan, as well as all over Europe,” Mounir Hahad, senior director of Cyphort Labs said in a statement. “There is cause for alarm in the U.S. as well, given the speed at which this attack as spread and the fact that it seems to know no border.”

“Our focus is on supporting organizations to manage the incident swiftly and decisively, officials said. “But we will continue to communicate with NHS colleagues and will share more information as it becomes available.”

Healthcare IT year in review

This was one of our most popular stories of the year.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.