A number of hospitals, dental practices and GPs across the UK have been impacted by a large-scale ransomware cyberattack. Officials from NHS Digital said all non-urgent patient activity has been suspended and that up to 25 health service organisations were hit.
Healthcare officials have been posting to social media about the widespread outages. "We got a message saying your computers are now under their control and pay a certain amount of money. And now everything is gone," one message read.
In a statement, the East and North Hertfordshire NHS Trust said: "Today (Friday, 12 May 2017), the trust has experienced a major IT problem, believed to be caused by a cyberattack.
"Immediately on discovery of the problem, the trust acted to protect its IT systems by shutting them down; it also meant that the trust's telephone system is not able to accept incoming calls.
"The trust is postponing all non-urgent activity for today and is asking people not to come to A&E - please ring NHS111 for urgent medical advice or 999 if it is a life-threatening emergency.
"To ensure that all back-up processes and procedures were put in place quickly, the trust declared a major internal incident to make sure that patients already in the trust's hospitals continued to receive the care they need."
According to The Visitor, Dr Tony Naughton, chief clinical officer at Fylde and Wyre CCG, described the issue as "national". The outlet said technical teams have been called to investigate the problems – but that computers in walk-in centres and selected hospitals are being shut down.
NHS England initially said that by 15:30 (BST), 16 NHS organisations had reported they were affected by this issue. The press office declined to say how many patients were likely to be affected. The BBC reported that ransomware infections were also recorded in Scotland.
An official statement read: "A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack which is affecting a number of different organisations.
"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.
What is ransomware?
Ransomware is a type of malware which infects computers- typically by phishing - and locks down files until a fee is paid to the hackers. It is difficult to combat and relies on human error to spread. In the past, it has targeted schools, hospitals and governments.
"At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.
"NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and to recommend appropriate mitigations.
"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors. Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."
The ransomware is the same variant as is hitting multiple companies in Spain, which has been blamed on a known – yet patched – vulnerability in Microsoft Windows.
The hackers are reportedly exploiting a critical vulnerability (MS17-010) that first received a patch on 14 March. "The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages," Microsoft warned at the time.
NHS Merseyside said on Twitter: "Following a suspected national cyber attack we are taking all precautionary measures possible to protect our local NHS systems and services. We're sorry that phone and email communication are down at present. We will keep you updated."
The ransomware is reportedly demanding bitcoin. "Your important files are encrypted. Maybe you are busy looking for a way to recover your files, but do not waste your time. Nobody can recover your files without our decryption service," a warning reads.
One NHS IT worker told The Guardian the incident started just after midday (BST). "This is affecting the east of England and number of other trusts. This is the largest outage of this nature I've seen in the six years I've been employed with the NHS," the source said.
The hackers are reportedly asking for $300 in return for the locked files. Images of the hijacked computer screens have now started to circulate on social media.
"We apologise but we are having issues with our computer systems. Please don't attend A&E unless it's an emergency. Thanks for your patience," said Blackpool Hospitals in a Twitter update.
The National Cyber Security Centre (NCSC), a fork of UK spy agency GCHQ, said that it is now probing the scale of the ransomware attacks. "We are working with NHS Digital and the National Crime Agency (NCA) to investigate," it said in a statement.
Jakub Kroustek, threat lab lead at Avast, a cybersecurity firm, indicated the ongoing attacks may be more widespread than previously known.
"We have observed a massive peak in WanaCrypt0r 2.0 attacks today, with more than 36,000 detections, so far," he said. "An interesting observation we have made is that the attacks today are largely targeting Russia, Ukraine, and Taiwan."
MalwareHunterTeam, a well-known cybersecurity-focused Twitter account, said the ransomware was "spreading like hell." Its researchers said victims spanned 11 countries.