East Lancashire's hospitals hit by cyber attack

NHS chiefs declared the attack 'a major incident' but said clinical care at the likes of the Royal Blackburn, Burnley General and Accrington Victoria hospitals was not compromised.

However, last night hospital bosses cancelled a number of non-essential operations pencilled in for today, as a precaution, until the full extent of the cyber-attack was understood.

Electronic prescribing systems, which are used to dispense medication to patients, were also put on hold, with staff reverting to paper prescriptions again.

Health service digital experts said 'ransomware' had infiltrated NHS systems, using a program called 'Wanna Decryptor'.

Dozens of hospitals and health centres across the UK were believed to have been hampered by the incident.

Several computer-related functions, down to the operation of electronic doors, were affected at NHS sites, also including Burnley St Peter's and Rossendale health centres.

However vital functions like X-rays and blood tests at the East Lancashire locations were understood to have been unharmed.

An East Lancashire Hospitals NHS Trust spokesman said: "Our patients are safe, as the equipment which manages equipment associated with procedures such as X-rays and blood tests, are unaffected.

"But any of our systems which rely on computers to operate, even down to our doors, have been affected. Extra support and security staff have been drafted in to deal with the issue."

The trust also runs Pendle Community Hospital in Nelson and the Clitheroe Community Hospital.

District nursing services in East Lancashire were also thought to have been hampered.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 of the online currency Bitcoin, saying: "Ooops, your files have been encrypted!"

The message also added: "Maybe you are looking for a way to recover your files, but do not waste your time."

Demands were made for payment within three day or the price would be doubled. Files would be deleted in seven day if not, according to the warnings.

Ribble Valley parliamentary candidate Nigel Evans said: "This is incredibly worrying. We have spent billions on IT systems for the NHS and clearly this needs to be guarded against.

"The safety and security of patients' information has to be a priority for any incoming government. It has to be as safe as the Bank of England."

A spokesman for NHS Digital said: "A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack.

"The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

"This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

"At this stage we do not have any evidence that patient data has been accessed.

"We are working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

"Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available."

This morning the Government and NHS bosses were facing growing questions over why hospitals across the country were crippled by a global cyber attack amid suggestions preventative measures could have been taken "months ago".

The health service faces a weekend of chaos after the unprecedented attack forced hospitals to cancel and delay treatment for patients.

At least 30 health service organisations in England and Scotland were infiltrated by the malicious software, while many others shut down servers as a precautionary measure, bringing added disruption.

Doctors reported seeing computers go down "one by one" as the "ransomware" took hold on Friday, locking machines and demanding money to release the data.

The National Cyber Security Centre (NCSC) said teams were "working round the clock" in response to the attack as it was reported up to 99 countries, including the US and Russia, were hit.

Prime Minister Theresa May said the Government was not aware of any evidence patient records had been compromised.

"This is not targeted at the NHS, it's an international attack and a number of countries and organisations have been affected," she added.

However shadow health secretary Jonathan Ashworth said the attack was "terrible news and a real worry for patients" and urged the Government to be "clear about what's happened". 

Ross Anderson, professor of security engineering at Cambridge University's computer lab, said the incident is the "sort of thing for which the secretary of state should get roasted in Parliament. 

"If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?" Mr Anderson told The Guardian. 

Experts say the virus, called Wanna Decryptor, exploits a vulnerability in Microsoft Windows software first identified by American spies at the National Security Agency (NSA).

The tools were leaked on the web earlier this year when hackers dumped a cache of NSA files following a security breach.

Prior to the dump, Microsoft released a fix, or patch, for the issue, although computers that did not install the update, or could not due to the age of their software, would have been vulnerable to attack.

The US Department of Homeland Security said on Friday that the patch, released by Microsoft on March 16, "addresses this specific vulnerability, and installing this patch will help secure your systems from the threat".

In December it was reported nearly all NHS trusts were using an obsolete version of Windows that Microsoft had stopped providing security updates for in April 2014.

Data acquired by software firm Citrix under Freedom of Information laws suggested 90% of trusts were using Windows XP, then a 15-year-old system.

It is not known how many computers across the NHS today are still using Windows XP or recent variants Windows 8 and Windows 10.

Just one day before Friday's attack a doctor warned that NHS hospitals needed to be prepared for an incident precisely of the kind seen.

In an article published in the British Medical Journal, Dr Krishna Chinthapalli, a neurology registrar at the National Hospital for Neurology and Neurosurgery in London, said hospitals "will almost certainly be shut down by ransomware this year".

As the scale of the security breach became clear on Friday afternoon, ambulances were diverted and patients told to avoid some A&E departments.

Staff reverted to pen and paper and used their own mobiles after key systems were affected, including telephones.

A total of 19 English health organisations reported problems, including hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire.

United Lincolnshire Hospitals NHS Trust said it was forced to cancel all outpatient, endoscopy, cardiology and radiology weekend appointments across its three hospitals.

In Scotland, 11 geographical health boards, including the ambulance service and acute hospital sites, saw their IT networks infected.

At least one health trust found itself named as a victim of the cyber attack despite actually suffering from an unrelated server problem.

Security chiefs and ministers have repeatedly highlighted the threat to Britain's critical infrastructure and economy from cyber attacks. 

In February the NHS official responsible for IT security warned that cyber attacks "have and will affect patient care". 

Dan Taylor said "health has never paid a ransom" and organisations can recover files using back ups, however it can still lead to "days of cancellations to patient facing services".

In Russia, the Interior Ministry said around 1,000 computers were hit by a cyber attack on Friday. 

Several companies in Spain were also crippled by ransomware attacks.

Telecoms firm Telefonica was one of those reporting problems, along with courier firm FedEx.

Last year, the Government established the NCSC to spearhead the country's defences. 

In the three months after the centre was launched, there were 188 "high-level" attacks as well as countless lower-level incidents.

Chancellor Philip Hammond disclosed in February that the NCSC had blocked 34,550 potential attacks targeting UK Government departments and members of the public in six months.

Researcher Marco Cova said critics should take the complexity of keeping systems up-to-date into account.

"It's easy to blame people who don't upgrade," he said.

"But in practice things are often more complicated: operations team may not touch legacy systems for a number of reasons; in some cases they may even be unaware that such legacy systems are running in their infrastructure."

The virus's global spread has been slowed by the triggering of a virtual "kill switch" built in to the malware, according to reports.

It is understood the virus searched the web for a web address that, once activated, stopped the worm's transmission. 

According to The Register the domain was activated on Friday.