Cyberattack demanding ransom strikes scores of British hospitals, companies across Europe

Britain’s health service was hit Friday by a huge international cyberattack that froze computers at hospitals across the country — an attack that shut down wards, closed emergency rooms and brought medical treatments to a screeching halt.

Hospitals in areas across Britain found themselves without access to their computers or phone systems. Many canceled all routine procedures and asked patients not to come to the hospitals unless it was an emergency. Some chemotherapy patients were sent home because their records could not be accessed.

Most of the affected hospitals were in England, but several facilities in Scotland also reported being hit. Doctors’ practices and pharmacies reported similar problems.

As similar widespread ransomware attacks were reported in Spain, Romania and elsewhere, experts warned that online extortion attempts by hackers are a growing menace. Hospitals, with their often outdated IT systems and trove of confidential patient data, are a particularly tempting target.

British Prime Minister Theresa May said there was no evidence that patient data had been compromised in the attack, and that it had not specifically targeted the National Health Service.

“It’s an international attack and a number of countries and organizations have been affected,” she said.

A spokesman for the European Union’s police agency, Europol, said Britain and Spain have asked for its support as they investigate the ransomware cyberattacks in those countries. The spokesman, Jan Op Gen Oorth, declined to give further details Friday so as not to jeopardize the ongoing investigations.

NHS Digital, which oversees British hospital cybersecurity, says the attack used the Wanna Decryptor variant of malware, which infects and locks computers while the attackers demand a ransom.

Pictures posted on social media showed screens of NHS computers with images demanding payment of $300 worth of the online currency Bitcoin, saying: “Ooops, your files have been encrypted!”

Alan Woodward, visiting professor of computing at the University of Surrey, said there was evidence the ransomware was spreading using a Microsoft flaw exposed in a recent leak of information from U.S. intelligence agencies.

He said the affected computers likely had not applied the Microsoft patch or were running old operating systems for which no patch was available.

“I don’t believe it will have been a targeted attack, but will simply have been that the ransomware has sought out those organizations that are running susceptible devices,” he said.

Tom Griffiths, who was at Bart’s Hospital in London for chemotherapy treatment, said a nurse showed him her computer screen, which carried an image of a padlock.

“It had a countdown clock ticking down, stating that all data would be deleted unless a payment was received within that timeframe,” he said.

NHS Digital said the attack “was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.” It initially said 16 NHS organizations had reported being hit, and more reports came in as the day went on.

Spain, meanwhile, activated a special protocol to protect crucial infrastructure in response to the “massive infection” of personal and corporate computers in ransomware attacks. The National Center for the Protection of Critical Infrastructure said Friday it was communicating with more than 100 providers of energy, transportation, telecommunications and financial services about the attack.

The Spanish government said several companies had been targeted in a ransomware cyberattack that affected the Windows operating system of employees’ computers. It said the attacks were carried out with a version of WannaCry ransomware that encrypted files and prompted a demand for money transfers to free up the system.

Spain’s Telefonica was among the companies hit.

Russia’s Interior Ministry spokeswoman Irina Volk said in a statement carried by Russian news agencies that Friday’s cyberattacks hit about 1,000 computers, but that the ministry’s servers hadn’t been affected.

Bart’s Health, which runs several London hospitals, said it had activated its major incident plan, canceling routine appointments and diverting ambulances to neighboring hospitals.

Patrick Ward, a 47-year-old sales director, said his heart operation, which was scheduled for Friday, was canceled at St. Bartholomew’s Hospital in London.

Griffiths said several cancer patients had to be sent home from Bart’s because their records or bloodwork couldn’t be accessed.

“Both staff and patients were frankly pretty appalled that somebody, whoever they are, for commercial gain or otherwise, would attack a healthcare organization,” he said. “It’s stressful enough for someone going through recovery or treatment for cancer.”

The National Cyber Security Center, part of the GCHQ electronic intelligence agency, said it was working with police and the health system to investigate the attack.

British government officials and intelligence chiefs have repeatedly highlighted the threat to crucial infrastructure and the economy from cyberattacks. The National Cyber Security Center said it had detected 188 “high-level” attacks in just three months.

Ransomware attacks are on the rise around the world. In February 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.

Krishna Chinthapalli, a doctor at Britain’s National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, warned that British hospitals’ old operating systems and store of confidential patient information made them an ideal target for blackmailers.

He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed “IT budgets are often one of the first ones to be reduced.”

“Looking at the trends, it was going to happen,” he said. “I did not expect an attack on this scale. That was a shock.

ALSO

Trend of ransom payoffs to unlock malware from ‘electronic stickups’ troubles law enforcement

UCLA sued over recent hospital records hacking

India is building a biometric database for 1.3 billion people — and enrollment is mandatory

Aerospace peppers and astronaut robots: A town’s transformation reveals China’s ambitions in space

UPDATES:

3:50 p.m.: This article was updated with statements by representatives for Europol and Russia’s Interior Ministry.

1:50 p.m.: This article was updated with new details of several other countries targeted in the cyberattack.

10:55 a.m.: This article was updated with information detailing the extent of the attacks in Britain and Spain.

This article was originally published at 8:30 a.m.