This site is intended for health professionals only

At the heart of general practice since 1960

Read the latest issue online

Gold, incentives and meh

GP practices 'closed down' by NHS computer system hack attack

GP practices across England have been affected by what appears to be a major cyber attack on the NHS computer system.

Pulse understands that some GP practices have had to shut down, while hospital staff found themselves unable to work.

Dr George Farrelly, a GP in East London, said his practice did not have access to patient records and could not prescribe medicines.

Dr Farrelly, who works at the Tredegar practice in Tower Hamlets, said his practice had ‘heard something might happen’ earlier in the day so had printed the appointment list.

He said: ‘I am going to see my patients but of course we cannot access any records and can’t prescribe.’

Meanwhile Dr Neil Paul, a GP in Cheshire, sent Pulse a computer screenshot of the error message caused by the attack, which is requesting $300 worth of Bitcoin, the online currency.

He told Pulse that in his area around 'half' of practices were affected by the attack, including some cases of 'whole practices' being forced to shut down.

nhshackattack

nhshackattack

The Wingate Medical Centre in Liverpool also tweeted that it was unable to work.

And NHS Liverpool CCG warned patients to only contact their GP practice in an emergency.

NHS Digital said that 'a number of NHS organisations have reported... that they have been affected by a ransomware attack'.

A spokesperson said: 'The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

'At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

'NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations, ensure patient safety is protected and to recommend appropriate mitigations.'

According to NHS Digital, the attack was 'not specifically targeted at the NHS and is affecting organisations from across a range of sectors'.

The spokesperson added: 'Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.'

Readers' comments (30)

  • ?clever plan by the RCGP to show the worth of GPs? Take GPs out of the system for a week???

    Unsuitable or offensive? Report this comment

  • Ransomware. Is this an NHS net issue or locally installed ?

    Unsuitable or offensive? Report this comment

  • My computer id's it as Artemis!7BF2B57F2A20!

    Unsuitable or offensive? Report this comment

  • Disappointingly my computer still working

    Unsuitable or offensive? Report this comment

  • Secure environments GP

    It's across 16 hospital trusts as well.

    Unsuitable or offensive? Report this comment

  • Working in a very busy inner-city practice, with Out-of-hours centre adjacent in the Darzi-style Health Centre. waiting areas full of upset and distressed patients, some in pain or very unwell, many coming in for repeat prescriptions begore they run out at the weekend, admin staff struggling to deal with situation.
    Cyber-Ransomeware (labelling itself Wana Decrypt0r v2.0) demanding £300 in Bitcoin within 3 days, or it doubles, then all data deletes irreversibly in 7 days.
    Patients angry and shouting.
    This is very clever
    Terrible time, end of weekon Friday evening, IT staff going homes and away for weekend, deadline on Monday, so good chance we will have to pay.

    Unsuitable or offensive? Report this comment

  • Isn't an attack on criterial infrastructure, like government or defence or medical paramount to an Act of War?
    This is really very dangerous , it shouldn't be possible for people to just do this to the NHS.
    Maybe the Goverment will finally get serious about all these dangerous hackers, now they are putting innocent people'lifes at risk.
    And we didn't even vote for Trump!

    Unsuitable or offensive? Report this comment

  • Gp surgeries Lincolnshire "shut". All advised to disconnect from n3 network

    Unsuitable or offensive? Report this comment

  • What level of lowlife would do this?

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    All down
    Can't even order bloods on written forms as that requires NHS numbers
    The other way of thinking , the public knows certainly how 'vulnerable' NHS is and 'somebody' wants to destroy it!

    Unsuitable or offensive? Report this comment

  • National Hopeless Service

    This article was a bit ironic -Sharp rise in GP practices investigated by data protection watchdog

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    According to one of my girls(receptionists) early on , she saw the screen kind of 'melting': patient's details on screen reverted back to older entries ; old address replaced latest one!!

    Unsuitable or offensive? Report this comment

  • Like many GPs I suspect, I have sat in meetings and heard expensive suited men telling us that the NHS has unbreakable security and that data was completely secure. Yet more evidence that those making decisions in the NHS about where to spend huge sums of money on NHS IT should be answering questions in a public enquiry.

    Unsuitable or offensive? Report this comment

  • Stelvio | Locum GP12 May 2017 6:01pm

    Not sure what kind of meeting you goto but at all the meetings I go, I go, I get told there is no such thing as unhackable data. NHS security standard gives good standard of protection but no such things as 100% secure.

    What I do get told is that digital record is more secure then paper ones and data breaches are down to human errors rather then hacking. Track record shows this to be true - until today :)

    Unsuitable or offensive? Report this comment

  • Surprised if there are enough IT staff left to deal with this problem given recent changes to the way contractors are taxed IR35. Good news for consultants. Weekend rates too.

    Unsuitable or offensive? Report this comment

  • Apparently Wanna Decryptor is a common malware, according to the BBC.
    Wana Decrypt0r v.2 (as written on the ransomeware pop-up) may be a new version.That would be easier to stop. People are already blaming that "somebody clicked on an email." But a mass simultaneous Cyberattack UK-wide? That's not clickbait.
    But it could be cover for something worse. I saw my screen blue-screen, restart Windows, then an error message about "you are not authorised to access Blue Bay", then a Windows list of error messages, before the ransomeware pops up.
    Whole thing also makes me more worried about the over-reliance GP Practices have on using Emis Web with an always-on connection to Emis Web servers needed.Next time they might only need to hit Emis Server farms to mess up our GP services.

    Unsuitable or offensive? Report this comment

  • I've had a warning pop up for 18m saying 'your current Microsoft software is not supported'. It's not my job to sort this out- I'm not from IT. I had an 18yr old lad in who laughed at my computer tower and told me it needed to be replaced. It's widely known that NHS IT has been severely underfunded for years. Hunt/May- we needed better funded IT a while back. Now people are dying. What do you have to say?

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    If you are following this fascinating story as more will unfold. The early post mortem examinations appear to associate with the vulnerably weak cyber security in our NHS IT systems . My practice, for instance , is one of the many which is still using Windows XP professional. Verdict from IT experts is merely lack of investment in maintaining and upgrading this security. Yes , this attack might not be specifically targeting NHS but our 'firewalls' are such easy targets to break in the midst of any large scale global cyber attack .
    This is the last thing Auntie May wanted three weeks from the general election she called upon. Trusting Agent Hunt might become a major liability as he was only interested in developing flamboyant, superficial and flawed ideas like NHS smartphone apps , more Skype consultations etc without realising some fundamentals need to be addressed first . Ignorance , arrogance and complacency describe it all .
    Keep an eye on this story , more 'lessons' to learn.

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    Nicola Sturgeon immediately called for a 'resilience' meeting even though the impact in Scotland is much less than England . Auntie May had to remote control in reassuring the public that no patient data had been compromised as she is 'confidently' campaigning in Northern England . Typically , there is no show of Agent Hunt. I would jump to exploit this situation if I was an opposition leader !
    Well , this story of general election is full of twists and turns, isn't it?

    Unsuitable or offensive? Report this comment

  • This is much worse than it currently appears. Being in pain or feeling poorly will pale into insignificance when people start dying in hospitals because they cannot get treatment.

    DoI - medical informatics consultant

    Unsuitable or offensive? Report this comment

  • make nhs paper free, make nhs patient free
    I am sure cqc will come back with great idea. All drs have to know all about cyber attack, 2 day course by bill gates, with 50% discount to lmc and ccg players who will arrange these programmes.

    Unsuitable or offensive? Report this comment

  • A symptom of obsolete operating systems and underinvestment in It.A reaction by demoralised and brow beaten staff who have had a seven year pay cut.A government who doesn't give a sh@@.What a cluster fu@@.

    Unsuitable or offensive? Report this comment

  • May and @unt will come out with the tired old line"lessons must be learnt".The Tory government are incapable of learning,the are the arrogant self important ruling class they are always right.The Nasty Party.

    Unsuitable or offensive? Report this comment

  • There's been no guidance for practices that are so far unaffected. We took the decision at 2330 to go in and shut off all computers and servers and disconnect all network cables. I haven't a clue if his was a one off action or if it's ongoing. The communication has been completely absent. I tried calling a number given by NHS digital and it goes through to a chaps answerphone. We have probably over reacted but I'd rather turn up on Monday half an hour early to reboot everything that to one of those screenshots.

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    So the Home Secretary , Amber Rudd , said this morning in BBC breakfast , these NHS files were 'supposed' to be back-upped and the government's statement is NOT to pay any ransom.
    How are you judge this, folks ?

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    Could feel Amber Rudd's voice shaken a little bit in this interview........

    Unsuitable or offensive? Report this comment

  • Interesting Amber Rudd is the spokesperson and not $unt. I know she's Home Secretary. A bit of Tory pre-election opportunism and jostling in position to please May??

    Unsuitable or offensive? Report this comment

  • Vinci Ho

    So Amber Rudd chaired the Cobra Meeting and said the health secretary had already instructed NHS trusts not to use Windows XP . Hence , the government is innocent.
    What are your thoughts, folks?

    Unsuitable or offensive? Report this comment

  • Presumably someone is going to tell us tomorrow if it's safe (or not) to turn back on on Monday morning? I realise we foot soldiers are as ever low priority, but it would be nice to know a little more than the hoarded when they turn up wanting their statins.

    Unsuitable or offensive? Report this comment

  • Dear All,
    In addition to all the detailed stuff on the various NHSE NHSD, Supplier, RCGP etc web sites here's some simpler stuff;

    The WannaCry virus is a self-propagating “worm” that seeks out vulnerable computers linked via networks. Once introduced to a network it burrows from workstation to workstation like a software mole, only surfacing every now and then on unprotected PCs with its threatening screen.

    Like a mole it has to be isolated and then dealt with.

    It can be beaten and removed

    Although it threatens to encrypt your files it does not

    It only works on the Windows operating systems

    It has not affected the GP system suppliers, none of the GPSoC clinical system suppliers have been infected and no patient data has been affected. Stories of EMIS or TPP being “down” reflect the local networks being shut down not any problem with the system suppliers.

    If you see the screen on a PC immediately unplug the network cable from the back of the PC or from the socket in the wall.

    At the end that plugs into the PC there are often two small green LEDs adjacent to the cable socket that flash intermittently.

    Then close down the PC, you can do this by simply pressing and keep pressing the power button until the PC stops. Alternatively hold down the ALT key and then press the F4 key, doing this repeatedly and closing any programs running should eventually show you a “close down this PC” box.

    Once the PC has been disconnected and turned off the virus will have been isolated and can then be dealt with.

    Do not reconnect that PC to any network until it has been cleansed.

    Different areas will have different solutions.

    Contact your local IT support / AT / CSU for advice, browse the various sites available at NHS Digital, NHSE, CyberCert, RCGP, EMIS and TPP etc.

    For practices still using Microsoft XP, although this is an obsolete system and no longer officially supported by Microsoft they have, in response to this global event, created a patch for XP. This means once cleansed you will be able to resume using these workstations.

    It is likely that fixes will be applied by downloading them onto fobs and then transferring them onto the affected PCs.

    It is safe to continue use NHS Mail.

    It can lie dormant, so even apparently unaffected PCs may still harbour the virus. So in the next week make sure EVERY pc in your surgery gets a full virus / malware scan.

    Regards
    Paul C

    Unsuitable or offensive? Report this comment

Have your say