The National Health Service (NHS) warns of a day of chaos as doctors return to work and switch on their ransomware-infected computers. Some operations have been canceled and experts say new strains of the attack could still emerge.
Friday’s global attack brought UK health service computers to a standstill. The Wanna Decryptor or WannaCry ransomware, which locks computer systems and demands $300 in Bitcoin, hit over 200,000 computers in 150 countries.
NHS England says there is a “complex emerging picture” of the attack’s impacts, after one in five trusts was hit. Patients are being urged to use the NHS “wisely,” and only make appointments if urgent.
Operations planned for Monday have been canceled at several major hospitals, with patients facing disruption to their treatment because computers used to share patient test results and scans with doctors remain frozen.
NHS Incident Director Anne Rainsbury says pathology services were the most seriously affected, alongside imaging services, such as MRI and CT scans, and X-rays, which transmit images via computers.
Home Secretary Amber Rudd will hold a meeting of the emergency COBRA committee on Monday.
It comes amid warnings the crisis could spread to other sectors. The head of Britain’s National Cyber Security Centre has raised concerns that many existing infections may not yet have been detected, and others could spread within networks.
Health secretary was warned
Tory Health Secretary Jeremy Hunt was warned last summer that NHS organizations were failing to prioritize cybersecurity and continued to use obsolete computer systems, it has emerged.
The Care Quality Commission and Dame Fiona Caldicott, the national data guardian, wrote to the health secretary to point out a worrying “lack of understanding of security issues” and that “the external cyber threat is becoming a bigger consideration.”
Their letter last July proposed a 13-point plan to ensure cyber security was improved after a review by Caldicott which found “significant use of software within the sector that is no longer supported by the manufacturer … leaving systems exposed to common types of cyberattack.”
Caldicott recommended IT systems be replaced as “a matter of urgency” and that health organizations “provide evidence they are taking steps to improve cyber security.”
The report said the continued use of “outdated systems” was “one of the most pressing issues facing IT infrastructure” in the NHS.
Hunt has not featured in the government’s public response to the crisis. Leaving his home for work on Monday morning, Hunt ignored journalists’ questions about the hack.
Virus will spread
Europol, the pan-EU crime-fighting agency, says the threat is escalating and predicts the number of ransomware victims is likely to grow across the public and private sectors.
The attack has hit companies from Russia to Australia. Victims ranged from Renault car plants in France to the FedEx delivery company in the United States, as well as Russia’s interior ministry and Chinese universities.
The hackers remain undetected but are believed to have so far gathered $42,000 in ransom payments from about 110 victims. This is expected to rise, as the malware threatens that the ransom will double if the victims fail to pay $300 in bitcoin within three days.
The NHS has not paid any money, according to the Times.
Every British government department’s computer system is vulnerable, the former head of the civil service, Sir Bob Kerslake, says. Speaking to the BBC, he said the defense and security systems are “pretty well protected” but “beyond that, I think pretty much every government department is at risk here.”
In a blog post on Sunday, Microsoft President Brad Smith appeared to acknowledge that the ransomware attack used a hacking tool built by the US National Security Agency which leaked online in April.
He said governments should “treat this attack as a wake-up call” and “consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits.”