Posted on May 12, 2017

    The NHS Is Starting To Recover From The Huge Ransomware Attack

    Forty-eight NHS trusts were affected, all but six of which have now returned to normal, home secretary Amber Rudd said.

    by ,
    Mike Egerton / PA Wire/PA Images

    The majority of NHS trusts affected by Friday's global cyberattack have now regained control of their computer systems, the home secretary has said.

    Amber Rudd said that of the 48 trusts hit by the ransomware attack, only six were still suffering the consequences.

    Speaking after an emergency Cobra meeting, Rudd said: “We’ve talked about how we can make sure that the NHS remains robust, that patients are put first, and I’d like to commend the work NHS staff have done to ensure that the hospitals and patient surgeries are going to continue to run smoothly.

    “This has been an international attack – it’s impacted 100 countries – it has affected our NHS but also some elements of industry. We think we have the right preparedness in place and also the right plans going forward over the next few days to ensure that we limit its impact going forward.”

    Doug Peters / Doug Peters/EMPICS Entertainment

    Some trusts had urged patients only with serious or life-threatening illnesses to come to hospitals, after falling victim to a cyberattack that Europol said was "unprecedented" in scale.

    "We ask people to use the NHS wisely while we deal with this major incident which is still ongoing," said NHS incident director Dr Anne Rainsberry. "NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business.”

    Europol's @EC3Europol is supporting countries. #WannaCry #Ransomware attack at unprecedented level and requires international investigation.

    NHS systems were infiltrated by the WannaCry malware, which exploits a security bug in Windows operating systems and blocks all files until a ransom has been paid – in this case $300 in cryptocurrency bitcoin.

    Prime minister Theresa May said the NHS had not been deliberately targeted by the attack, the effects of which have been felt all over the world.

    As of December last year, 90% of computer systems in the NHS were running off Windows XP, an obsolete Microsoft operating system that was released in 2001.

    Early evidence suggests many NHS trusts could have avoided falling victim to the ransomware attack if they had installed a free software upgrade issued by Microsoft in March.

    Jack Hardy / PA Wire/PA Images

    A sign outside the Royal London hospital after the cyberattack.

    Speaking to BBC Radio 4's Today programme earlier Saturday, home secretary Rudd said: "I would expect NHS trusts to learn from this and to make sure that they do upgrade."

    The home secretary has been leading the government's response to the cyberattack, but the Department of Health said health secretary Jeremy Hunt was "across it all and fully briefed".

    Labour's shadow health secretary Jonathan Ashworth wrote to Hunt on Saturday to ask why the NHS had not acted on a software update issued by Microsoft two months ago.

    Rudd herself replied to Ashworth, not Hunt, saying there "will be lessons to learn from what appears to be the biggest criminal cyber attack in history."

    The Liberal Democrats, meanwhile, have demanded an inquiry into apparent cuts to cybersecurity support in the NHS, with home affairs spokesperson Brian Paddick describing Rudd as a "home secretary in the digital age more suited to the era of analogue".

    The UK's National Cyber Security Centre said it was doing "everything in our power" to restore all services. Executive officer Ciaran Martin said: “The National Cyber Security Centre is working round the clock with UK and international partners and with private sector experts to lead the response to these cyber attacks."

    A doctor in London who preferred not to be named said a major incident had been declared in their hospital, but that no departments had been closed. They added that while the attack was inconvenient, work was able to carry on via paper and pens. “The picture is emerging that this is affecting multiple countries and sectors and is not solely targeted at the NHS," they said. "As the prime minister said, we have no evidence that UK National Health Service patient data has been stolen."

    They said that while it was possible to report some CT scans on paper, other scans would not work at all.

    "We will be able to deal with any urgent patient problem and have contingency plans in place for such scenarios when our IT fails," Dr David Wrigley, a GP from Lancashire whose systems were down, told BuzzFeed News. "We can also revert to hand writing paper prescriptions which is failsafe and requires no computer whatsoever!"

    Doctors on Twitter described the effects of the attack, with one doctor in Yorkshire tweeting that the incident meant patient histories were not available.

    All shut down in Yorkshire-even in GP practice. Back to handwriting notes while seeing patients without full histories! #nhscyberattack

    We are in middle of an #nhscyberattack computers now all powered off 🙁happy Friday

    We have lost EMIS, can't work! Major incident. #nhscyberattack in progress.

    Last year the NHS was warned it was not taking the threat of cyberattacks seriously enough, according to the Health Service Journal.

    An FBI investigation was launched last year when three hospitals in the US were hit by a ransomware attack. Systems at hospitals in Kentucky and California were infected with encrypted files that could only be unlocked in exchange for payment.

    Here's Why It's Unlikely The NHS Was Deliberately Targeted In The Ransomware Attack

    Laura Silver is a reporter for BuzzFeed News and is based in London.

    Contact Laura Silver at

    Matthew Champion is a deputy world news editor for BuzzFeed News and is based in London.

    Contact Matthew Champion at

    Got a confidential tip? Submit it here