Indian-origin doc warned against UK health service cyber-hack

Patients of the state-funded country-wide service are facing days of chaos as appointments and surgeries were cancelled after almost 45 NHS organisations from London to Scotland were hit in the "ransomware" attack on Friday.

The attack infected computers with what is known as "ransomware", software that locks up the user's data and flashes a message demanding payment to release it.

Dozens of countries were hit with a huge cyberextortion attack at a multitude of hospitals, companies and government agencies.

.

The ransomware appeared to exploit a vulnerability in Microsoft Windows that was purportedly identified by the US National Security Agency (NSA) for its own intelligence-gathering purposes and was later leaked to the internet.

"Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware", said a spokesperson in a statement.

Its ransom demands start at $300 and increase after two hours to $400, $500 and then $600, said Kurt Baumgartner, a security researcher at Kaspersky Lab.

Shortly after that disclosure, Microsoft announced that it had already issued software "patches", or fixes, for those holes, but many users have not yet installed the fixes or are using older versions of Windows.

Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

"For so many organisations in the same day to be hit, this is unprecedented", he said.

Patrick Ward, a 47-year-old sales director, said his heart operation, scheduled for Friday, was canceled at St. Bartholomew's Hospital in London.

One reason the malware was able to spread so fast is because it was created to spread like a worm inside a network, self-replicating on all vulnerable systems.

Critically ill patients are being diverted to unaffected hospitals as computer systems failed in Accidents & Emergency (A&E) units and doctors were locked out of test results, X- rays and patient records. "It's stressful enough for someone going through recovery or treatment for cancer".

A cyber attack on the NHS has exposed the "vulnerability" of the public sector and society in general to harmful malware, according to Nicola Sturgeon.

Megafon, a Russian telecommunications company, was also hit by the attack.

The SNP leader revealed that 13 health wards in Scotland were among the services affected by the attack on Friday, which targeted 40 NHS Trusts, Nissan's United Kingdom plant in Sunderland and a further 90 countries worldwide. Even if they did, that cybersecurity expert would often be helpless against ransomware attacks of the sort the world saw on Friday.

"The Trust has been advised by I.T. security and NHS-Digital of a serious Ransomware threat now in circulation throughout the NHS", the email to employees of Britain's National Health Service said.

"Efforts to localise the infected server are underway to prevent (the ransomware) from spreading", he said, adding that his ministry was working with other authorities, including the Health Ministry, to solve the problem.

The scale of this attack is unusual, but the type of attack is not.

The BBC reported that a list of affected locations included London, Blackburn, Nottingham, Cumbria and Hertfordshire.

  • Carolyn Briggs