The NHS hack is said to be “creeping” across the country and has so far hit 16 NHS trusts, with NHS staff and health journalists tweeting images of the ransomware. So far, hospitals in the north, south west of England and the south are said to have been hit following a supposed hack on Friday afternoon. Further reports said GPs were also being targeted.
East and North Hertfordshire NHS confirmed it has experienced a “major IT problem, believed to be caused by a cyberattack”. In a statement, NHS Digital confirmed a number of NHS organisations had been affected by a ransomware attack. “The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” a spokesperson said.
“At this stage, we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.”
Hackers use ransomware to infect a computer or system before holding files hostage until a ransom is paid. It can infect a computer via a trojan, virus or worm.
Wanna Decryptor encrypts users files using AES and RSA encryption ciphers meaning the hackers can directly decrypt system files using a unique decryption key. Victims may be sent ransom notes with “instructions” in the form of !Please Read Me!.txt files, linking to ways of contacting the cybercriminals. Wanna Decryptor changes the computer’s wallpaper with messages (as seen in tweets from affected NHS sites) asking the victim to download a decryptor from Dropbox. This decryptor demands hundreds in bitcoin to work.
They added that the attack was not specifically targeted at the NHS because it is affecting “organisations from across a range of sectors” and NHS Digital is working with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations.“ As of 15.30, 16 NHS organisations had reported they were affected by the hack.
It appears no hospitals in London have been hit, yet, but NHS England said it is compiling a list of which hospitals have been affected. The East and North Hertfordshire NHS trust has shut down IT systems and telephone lines and asked people in the area not to go to A&E unless it’s a life-threatening emergency.
The attack comes just four months after Barts Health Trust – which includes The Royal London, St Bartholomew’s, Whipps Cross and Newham in east London – was hit with a similar ransomware attack. That hack affected thousands of files on the trust’s Windows XP operating system.