This site is intended for health professionals only

GP leaders warn it will take ‘days’ for some practices to recover from NHS hack

GP practices around the country will likely be dealing with the fallout from the NHS cyber attack for ‘the next few days’, GP leaders have warned.

The comments come as it emerged that neither NHS England nor NHS Digital has up-to-date figures on how many areas or GP practices are still affected by the malware, which hit the NHS on Friday and prevented practices from accessing patient records and admin data, as well as vital prescribing and referring software.

Although some practices were up and running on Monday – after IT support battled to restore computers over the weekend – other practices reported that they were still struggling with their systems and were forced to close today as well.

RCGP chair Professor Helen Stokes-Lampard said: ‘We’re still trying to work out the full extent of how the cyber attack has impacted on general practice, and the wider NHS. We do know that many practices have felt the effects on some of their processes, but as far as we can tell, no patient data has been compromised.

‘In the meantime, the college has provided our members with guidance and resources to support them through this challenging time, and we will continue to monitor the situation and reassure patients that GPs and their teams are doing all they can to provide safe care.’

In an update for the North East and Cumbria region, an NHS update said that ‘while GP practices have been open as usual on Monday, many in the North East have been unable to access IT and clinical systems which have meant practices have taken longer to see and treat patients’.

NHS services across the region are extremely busy and are asking the public to think twice before using GPs practices, A&E, or calling NHS 111, said the update.

Meanwhile, in an updated national statement NHS England said it was ‘continuing to work with GP surgeries to ensure that they are putting in place a range of measures to protect themselves’.

Dr Anne Rainsberry, national incident director advised: ‘If people have hospital or GP appointments they should attend unless told otherwise. The latest information can be found on the NHS Choices website.’

In general, NHS Choices warned that ‘appointments may be slower than usual, as some surgeries will be using paper-based records whilst electronic systems are switched back on’.

As of 3pm, two hospitals remained on divert following the ransomware cyber attack, down from seven yesterday, NHS England said.

Dr Kieran Sharrock, GP and medical director of Lincolnshire LMC, said that GP practices in the area have been forced to cancel routine, follow-up appointments and have not been able to handle repeat prescriptions as a result of the cyber attack.

However, practices in the region are managing to see those patients with urgent or emergency health problems.

He said that the next few days would be very busy as practices will have to ‘pick up the pieces’ and that five days’ work would have to be ‘concentrated into three or four days’.

In terms of the IT systems, Dr Sharrock said: ‘It’s my personal view that we have ageing and not particularly well-managed IT hardware and that NHS support units have been slow in upgrading it.’

Dr Paul Cundy, head of the GPC’s IT committee, told Pulse: ‘My guesstimate is that less than 1,000 practices were affected by the cyber attack.

‘I think the main focus has been in the North East. I don’t think that it has been as bad as it might have been.’

Dr John Ashcroft, executive officer at Derby and Derbyshire LMC, said that his practice had just got back online at around 2.30pm today.

‘It was a pain this morning as we normally print off the next day’s appointments but we couldn’t do that on Friday so we didn’t know who was coming in today.’

Some practices have hit out at ‘GP leaders’ for failing to give advice on day-to-management, involving blood tests and X-rays, without having access to a computer.

‘Practices work in very different ways,’ said Dr Ashcroft. ‘We do all our bloods on paper, whereas my wife’s practice does all the bloods by computer.’

The Rural Services Network (RSN) – England’s largest partnership of rural NHS providers – voiced concern at the impact of cyber-attacks on practices that serve rural communities after being approached by ‘a number’ of councillors.

RSN chief executive Graham Biggs said: ‘This is an extremely worrying situation for rural patients and for small rural practices which operate on a limited budget.’

While some practices were not directly attacked by the cyber-attack, some network connections to data servers and the internet were affected.

This left GP practices unable to access any patient data – prompting pleas for patients to attend surgery only if their need is urgent.

Meanwhile, NHS Digital moved quickly to allay fears that the NHSmail platform had been compromised.

A statement from NHS Digital said: ‘Since we started to see the impact of the Wannacry ransomware attack on Friday, NHS Digital and Accenture have been investigating the NHSmail platform to determine whether this was used in the attack, or compromised as a result of the attack.

‘Following rigorous investigation, NHS Digital can confirm that the platform has not been compromised, nor has it been used as a delivery mechanism for the ransomware to infect or spread.’

The statement added: ‘Organisations who have removed their access to NHSmail, given the above reassurances and checks carried out , should now start to seriously consider re-enabling access to NHSmail services.’