Scotland

Scottish NHS in 'recovery phase' following cyber attack

Computer screen with IT message Image copyright Getty Images
Image caption The cyber attack is affecting 11 of Scotland's 14 NHS boards

The Scottish government says it is working closely with health officials following a global cyber hack.

Eleven of Scotland's 14 territorial health boards were hit by the "ransomware" attack linked to other IT attacks around the world.

The hack has encrypted information on NHS computers, denying access unless a payment is made.

First Minister Nicola Sturgeon said work to fix the systems affected had entered a "recovery phase"

She called the attack "hugely concerning" but said there was no evidence as yet to suggest outdated computer systems were responsible for the breach.

Scotland's Health Secretary Shona Robison said there was a "level of confidence" that systems would be back up and running by Monday and that no breach of patient confidentiality had been detected.

The health boards which have been affected are:

  • NHS Glasgow
  • NHS Lanarkshire
  • NHS Dumfries and Galloway
  • NHS Forth Valley
  • NHS Tayside
  • NHS Western Isles
  • NHS Borders
  • NHS Fife
  • NHS Ayrshire and Arran
  • NHS Grampian
  • NHS Highland

The Scottish Ambulance Service has also been affected, along with NHS National Services Scotland.

The incidents are thought to be part of a wider attack affecting organisations in about 100 countries around the world.

IT problems have also caused disruption in about 30 health authorities in England, while the NHS in Wales and Northern Ireland are so far unaffected.

The Scottish government said most incidents had been confined to desktop computers in GP surgeries, dental practices and other primary care centres.

A spokesman said the only acute hospital sites so far affected had been in NHS Lanarkshire.

BBC Scotland understands that computer systems at Hairmyres Hospital in East Kilbride were compromised.

'Underline the vulnerability'

Ms Robison told the BBC's Good Morning Scotland programme that IT specialists had been working non-stop to get GP systems back up and running.

She said: "People are working very, very hard and have worked through the night. The update I've got this morning is that we're very much into recovery phase now, with a lot of work going on to get systems back up running.

"The GP systems, which of course were the main problem across our health boards - work is going on, and there is a level of confidence that many will be back up and running before GP surgeries open on Monday morning."

Media playback is unsupported on your device
Media captionWhat is ransomware?

Ms Sturgeon told the BBC: "Obviously cyber-attacks of this nature are hugely concerning and I think they underline the vulnerability not just of the public sector, but also of society generally to cyber-attacks, but they also underline the importance of all organisations making sure that they have all appropriate measures in place to protect against those kinds of attack."

She added: "Obviously there is a lot of investigation into exactly why the health service has been affected in the way it has. I think it's important to stress that this has been a global international attack."

Shona Robison said NHS Lanarkshire had been more affected in terms of its acute hospitals, but said manual systems had worked safely and insisted that patients had not been negatively impacted by the breach.

"The intention today is to begin testing those IT systems and to gradually and safely try to bring those back on over the course of the weekend."

'Emergency treatment'

Ms Robison added: "Throughout all of this there's been no breach to patient confidentiality that has been detected to date so patients should be reassured by that."

Patient services, including emergency services, are continuing to operate across Scotland, the Scottish government confirmed.

Ms Robison emphasised there had been no impact on the majority of the out-of-hours systems across Scotland, with NHS 24 working as normal along with the Scottish Ambulance Service, where the only issue had been with desktop PCs that were "non-patient facing".

"All the other parts of the system that people would use over the weekend are working as normal," Ms Robison said.

Image copyright NHS Lanarkshire
Image caption People turning up at Hairmyres Hospital have been urged to bring their medication with them

In NHS Lanarkshire, non-emergency patients have been urged to stay away from its hospitals as it deals with the ransomware attack.

Dr Helen Mackie, chief of medical services at Hairmyres Hospital, said staff had reverted to paper and manual records for patients.

She has urged any patients turning up at the authorities emergency departments to bring their medication with them because medics may have problems accessing their records.

Diagnostic tests

She said: "Help us by bringing as much information with you, So bring your medicines, bring any information you have about health care. Relatives can really help us as well because they're a wealth of information for us."

Dr Mackie said the IT issues were leading to the cancellation of planned out-patient appoints for tests such as CT scans. However, she said that any emergency diagnostic tests would continue to take place.

She added: "It's business as usual in terms of emergency care in our Lanarkshire hospitals. We are asking the public to help us by only coming to emergency departments if it is an emergency. But please be reassured that all our emergency access to treatment and care is up and fully running."

Related Internet links

The BBC is not responsible for the content of external Internet sites