Cyber security experts investigating after malware attack on Yorkshire NHS organisations


Cyber security experts are investigating a nationwide attack on IT systems which has targeted at least 16 NHS organisations.

The malware attack has affected hospital trusts in Yorkshire, including York Teaching Hospital NHS Foundation Trust and Hull and East Yorkshire Hospitals NHS Trust.

Pharmacists, doctors and NHS workers took to social media and described being held to ransom by the virus on their computers.

It is also reportedly affecting GP practices.

The first cyber attacks were reported at 3.30pm today (Friday) and, in a statement, NHS Digital said it is now working with the government and the National Cyber Security Centre to investigate.

The statement said: "A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.

"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations."

The statement said the attack was not specifically targeted at the NHS, and is affecting organisations from other sectors.

York Teaching Hospital NHS Trust confirmed it was among those experiencing difficulties as well as Hull and East Yorkshire NHS Trust, which said its IT team "responded rapidly".

A spokesperson for Hull and East Yorkshire Hospitals NHS Trust, said: “We can confirm that we have detected malware on our system however, at present, it has not had a significant impact on our organisation. Our IT team responded rapidly and we have blocked all incoming email and all web mail for the time being. No patient systems are affected.”

Leeds Teaching Hospitals NHS Trust and Mid Yorkshire Hospitals NHS Trust, which runs hospitals in Wakefield and Dewsbury, said they were not currently affected.

Attackers were able to targeted NHS computers by infecting them with a virus known as "ransomware", in which a rogue piece of software is installed remotely. The program, known as "Wana Decryptor" [CRRCT] demands an immediate online payment from the PC's owner for its removal.

Anti-virus software normally protects against such programs, but hackers can sometimes work around this.

The program obliterates the computer's normal screen with a demand for payment, claiming that files on the machine have been "encrypted" and hidden from the user. Encryption is used by many legitimate programs, including most text messaging services, and can be turned on and off instantly.

In many cases, the criminals behind such attacks are bluffing,hoping that the initial "scare screen" will be enough to frighten a user into paying.

The relatively low amounts demanded in the NHS attack - some users are being asked for £300 in the online currency bitcoin - and the poor spelling and grammar suggest the attackers may not be organised professionals.

The government publishes guidelines for public services on how viruses and online attacks can be prevented.