Country braces for continuation of NHS ransomware crisis

GPs surgeries, clinics and Trusts round the country wake up today unsure quite what state their IT will be in. NHS Digital’s issued guidance, though, it thinks can help

Posted 15 May 2017 by Gary Flood

NHS staff and users alike start their week not quite sure exactly if they will be access their data and use their clinical and patient admin applications in the wake of the national ransomware crisis that struck on Friday.

NHS bodies across England and Scotland were struck as part of a global attack by an unknown group via malware called Wanna Decryptor or WannaCry.

Despite early reports, the NHS was not the sole target of the attack, which quickly turned out to be global – with 200,000 machines in 150 countries infected since the start of the crisis three days ago.

But many are already pointing fingers at the government, the Department of Health and even GDS for the fact that too many health service IT runs on older operating systems, especially the now-discontinued Microsoft Windows XP.

It’s being widely reported on both national media and specialist tech titles alike that warnings that the survival of such vulnerable and unsupported, older IT in an NHS aspiring to be ‘digital’ by 2020 opened the door for what some see as an ‘accident waiting to happen’.

The truth is that until the crisis is fully over, it’s really too early to take a definitive stance, with NHS England characterising the issue as “complex emerging picture”. What we know this morning, as reported by the BBC, is that seven of the 47 most affected face “serious issues”.

Nonetheless, some GPs are asking people to consider whether they really need appointments, says the BBC, with pathology services were the most seriously affected, alongside imaging services, such as MRI and CT scans, and X-rays, which transmit images via computers.

On Sunday, NHS Digital issued special guidance for the sector to try and help.

It states that its Data Security Centre continues to work “around the clock alongside the National Cyber Security Centre to support NHS organisations that have reported any issues related to this cyber-attack”.

Guidance documentation for NHS organisations impacted by the cyber incident have been distributed via our CareCERT bulletins and are also now on its site here.

It also offers any NHS IT manager who believes their organisation is affected and require support or further information, please contact NHS Digital on carecert@nhsdigital.nhs.uk or by calling 0800 0856653.

We’ll continue to monitor the situation as it unfolds, and would like to extend our thanks to all NHS IT professionals who have spent long hours battling to get health systems back online over the weekend – work that is, of course, continuing in many cases.