Hospitals Across England Infected With Ransomware, Leaving Patients Without Care

Photo: Getty
Photo: Getty

England’s healthcare system fell victim to a massive cyberattack Friday afternoon, forcing several hospitals to divert emergency patients to other facilities. Ransomware appears to be the cause.


At roughly 12:30pm local time, the National Health Service’s (NHS) clinical and patient systems began crashing, with pop-up messages appearing on screens demanding $300 in bitcoin in exchange for access, according to the Guardian.

As of 3:30pm, 16 NHS affiliates had reported infection. There’s no evidence so far that patient records have been accessed, nor does it appear the NHS was purposefully targeted.

In a statement, NHS Digital said it believed the malware variant is Wanna Decryptor, a Trojan virus that employs AES-128 encryption to render files inaccessible.

The BBC reports the attack struck hospitals in London, Blackburn, Cumbria, Hertfordshire, and Nottingham. Phone systems in certain areas also appear to be down.

Without computer access, many healthcare providers are resorting to pen and pads to keep track of their patients. A physician in Liverpool told the Guardian that his unit manually severed its connection to the broader NHS system in an attempt to stave off the infection. “[N]o computers means no records, no prescriptions, no results,” he said.


The NHS says its working closely with the National Cyber Security Centre and the Department of Health to help resolve the problem. In the meantime, many facilities have begun sending out notifications on social media and through the press urging potential patients not to visit if it isn’t an emergency.


“Our focus is on supporting organizations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available,” NHS Digital said.


[The Guardian, BBC]



Government are doing this wrong. They only need to indirectly connect at least 1 death to this cyberattack and release the leash on law enforcement on the perps. Bonus points if they can connect more than 1 death to the hack because they can call it “terrorism”. Catch them with extreme prejudice and charge them with murder. Then execute them in the most public fashion possible. Hackers will think twice before having their malware infect medical devices and computers.