Ransomware attack: Hospitals still struggling in aftermath of WannaCrypt's rampage

Three days after the initial cyberattack, NHS hospitals are still suffering from disruption as new infections come to light.
Written by Danny Palmer, Senior Writer

The cyberattack crippled IT systems and forced doctors and nurses to work with pen and paper notes.


NHS hospitals are still struggling in the fight against a global ransomware attack, with computer systems in several hospitals locked three days after the initial outbreak and previously unaffected hospitals revealed to have fallen to WannaCrypt ransomware.

Over the weekend, more than 200,000 victims in over 150 countries were hit by ransomware called WannaCrypt, also known as WannaCry and Wcry. It affected businesses, governments, and individuals across the globe, particularly those using Windows XP and other unsupported Microsoft operating systems.

Healthcare organisations across the UK had systems knocked offline by the ransomware attack, with patient appointments cancelled and NHS England declaring the cyberattack a 'major incident'. A total of 61 NHS organisations, ranging from hospitals to GP surgeries, are currently known to have fallen victim to WannaCry ransomware.

As NHS organisations start a new work week, it appears the attack is far from over, with the previously unaffected Shrewsbury and Telford Hospital NHS Trust added to the list of victims.

"As has been widely reported, on Friday a large number of NHS Trusts were affected by a computer virus that was contained in an email attachment. Unfortunately, the virus was detected on a small number of machines at SaTH," said Sara Biffen, Deputy Chief Operating Officer at The Shrewsbury and Telford Hospital NHS Trust (SaTH).

"As a precautionary measure, some of the Trust's systems were suspended briefly in order to reduce any further risk," she added.

However, SaTH says only a small number of patient appointments had to be cancelled over the weekend, and services are now once again running as normal.

Barts Health NHS Trust in London - the largest hospital group in the UK - said on Monday morning that it's still experiencing "IT disruption" and is asking the public to use other NHS services "wherever possible".

The hospital also says it needs to cancel some patient appointments in order to "run services safely" and that affected patients will be directly contacted as hospital IT staff continue to bring the services back up to normal levels of operation.

"Staff have been working tirelessly over the weekend, using tried and tested processes to keep patients safe and well cared for," the hospital said in a statement.


Barts is far from the only NHS Trust still experiencing problems following the WannaCry outbreak - United Lincolnshire Hospitals is among those still suffering from ongoing issues and has cancelled all outpatient appointments, diagnostic tests and routine operations set to take place on Monday.

"Work is ongoing to restore our IT systems," United Lincolnshire said in a statement on the hospital website.

NHS Digital said it is continuing to work to fight against the WannaCry cyberattack and its impact on the health service.

"Our Data Security Centre continues to work around the clock alongside the National Cyber Security Centre, to support NHS organisations that have reported any issues related to this cyber-attack," the body said, alongside issuing guidance on protecting against the cyberattack that explains which patches to apply.

Indeed, such is the extent of the WannaCrypt attack that Microsoft took the unprecedented step of issuing patches for unsupported operating systems including Windows XP, Windows 8 and Windows Server 2003, which now usually only receive patches if the organisation using them is receiving special custom support.

The UK's National Cyber Security Centre, the organisation tasked with keeping the UK's critical infrastructure safe from cyber attacks, warned that a second wave of WannaCrypt attacks could emerge as organisations return to work today.

"It is important to understand that the way these attacks work means that compromises of machines and networks that have already occurred may not yet have been detected, and that existing infections from the malware can spread within networks," the NCSC said in a statement.

WannaCrypt ransomware demands $300 in Bitcoin for unlocking encrypted files - a price which doubles after three days. Users are also threatened with having all their files permanently deleted if the ransom isn't paid in a week.

Cybersecurity researchers have suggested the ransomware attacks are so potent because they exploit a known software flaw dubbed EternalBlue. This Windows flaw is one of many zero-days which apparently were known by the NSA before being leaked by the Shadow Brokers hacking collective.

