Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

Major ransomware attack hits multiple hospitals and NHS organisations

  • Comment

Multiple hospital trusts and other NHS organisations are suffering significant IT systems problems this afternoon amid an apparent major ransomware attack.

There have been multiple reports of health service providers being seriously affected by the cyberattack and NHS Digital said it was investigating the issue.

“It is likely that some services will be affected, at least in the short term”

Chris Hopson

At least 30 NHS trusts and foundation trusts are thought to have been affected at present, according to BBC reports, though only 16 have so far been confirmed by NHS Digital. Clinical commissioning groups and GPs in some areas have been told to stop using their computers.

The attack is having a significant effect on patients. Some hospitals are diverting emergency ambulances, asking patients to go elsewhere, and cancelling elective care.

Routine scans and routine communications are also being affected, according to reports.

Barts Health NHS Trust said it was “experiencing a major IT disruption” and had activated a “major incident plan”.

It was cancelling routine appointments and ambulances were being diverted to neighbouring hospitals.

East and North Hertfordshire NHS Trust also said it was cancelling elective appointments and encouraging patients not to attend emergency departments.



The threat received by multiple trusts.

Urgent efforts to understand and respond to the situation are under way. An NHS Digital spokeswoman confirmed an investigation was underway.

The spokeswoman said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.”

One source told Health Service Journal that multiple trusts had been affected by a suspected malware attack around 1.30pm. They added that trusts had had their computer systems almost entirely shut down.

Services affected are thought to include picture archiving communication systems for x-ray images, pathology test results, phone and bleep systems and patient administration systems.

The source added: “This will mean delays and a focus on the sickest patients. I’ve seen it once before and we relied on local trusts supporting each other. If truly widespread then that’ll not be an option.”

NHS Providers chief executive Chris Hopson said: “The scale and scope of what looks to be an extensive malware attack on the NHS is not yet clear. If this is a malware attack, this is a growing problem across all industries.

Chris Hopson

Chris Hopson

Chris Hopson

“Given the potential impact, NHS trusts take this type of attack very seriously. They have detailed and well-rehearsed contingency plans in place to deal with incidents of this type and these plans have worked effectively when they have been triggered on an individual trust basis in the past,” he said.

“Trusts will rally round support each other to cope with the disruption and early feedback suggests that this is already happening in this case,” said Mr Hopson.

“However, it is likely that some services will be affected, at least in the short term,” he added.

Dr Anne Rainsberry, incident director at NHS England, said: “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need.

“More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing,” she said in a statement released just after 6pm on Friday.

“NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business,” she added.

Unison general secretary Dave Prentis said: “Staff are already facing huge challenges to keep the health service running and deliver the best care for patients. This senseless cyber attack will make their jobs even harder.”

Mr Prentis called on the government to take “urgent action to get hospitals up and running again”, and to also spend money protecting staff and patients from ”future incidents”.

National news outlets are starting to report this evening that the NHS incident was part of a wider attack affecting organisations around the world.

NHS Digital said in a statement that a number of NHS organisations had reported to it that they have been affected by a ransomware attack.

It said its investigation was at an “early stage but we believe the malware variant is Wanna Decryptor”.

Anne Rainsberry

Anne Rainsberry

Anne Rainsberry

“This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors,” added the statement. “At this stage we do not have any evidence that patient data has been accessed.”

NHS Digital highlighted that it was working closely with the National Cyber Security Centre, the Department of Health and NHS England to “support affected organisations and ensure patient safety is protected”.

”Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available,” it said.

Prime minister Theresa May said: “We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack.”

She confirmed that the National Cyber Security Centre was “working closely” with the NHS Digital to support trusts involved but there was no evidence patient data had been compromised.

Labour health spokesman Jonathan Ashworth said: “This cyber-attack is terrible news. Our hard-working NHS staff are already operating under unprecedented pressure and should be given every support to help the public in the face of these malicious and disturbing actions.

“This incident highlights the risk to data security within the modern health service and reinforces the need for cyber security to be at the heart of government planning,” he said. “The digital revolution has transformed the way we live and work but we have to be ready for the vulnerabilities it brings too.

“The government need to be clear about what’s happened, and what measures they are taking to reduce the threat to patients,” he said. ”The safety of the public must be the priority and the NHS should be given every resource to bring the situation under control as soon as possible.”

Liberal Democrat health spokesman Norman Lamb said: “This is a deeply disturbing development with potentially awful consequences for patients.

“It shows we urgently need to explore what steps could be taken to better protect vital systems like this from cyber attacks,” he said.

NHS organisations affected include:

  • Northumbria Healthcare NHS Foundation Trust
  • North Cumbria University Hospitals NHS Trust
  • University Hospitals of Morecambe Bay NHS Foundation Trust
  • Blackpool Teaching Hospitals NHS Foundation Trust
  • Southport and Ormskirk Hospital NHS Trust
  • East Lancashire Hospitals NHS Trust
  • Barts Health NHS Trust
  • East and North Hertfordshire NHS Trust
  • Derbyshire Community Health Services NHS Trust
  • University Hospitals of North Midlands NHS Trust
  • North Essex Partnership University NHS Foundation Trust
  • London North West Healthcare NHS Trust
  • York Teaching Hospital NHS Foundation Trust
  • East Cheshire NHS Trust
  • Aintree University Hospital NHS Foundation Trust
  • Royal Liverpool and Broadgreen University Hospitals NHS Trust
  • Liverpool Community Health NHS Trust
  • United Lincolnshire Hospitals NHS Trust
  • Comment

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.