Eleven of 14 NHS health boards hit by ransomware cyber-attack

Image caption,
Images such as this one in England are believed to have appeared on computer screens at Scottish health facilities

Eleven of Scotland's 14 NHS health boards have been hit by a cyber-attack linked to IT attacks around the world.

The only boards not to be affected are Lothian, Orkney and Shetland.

The first minister chaired a meeting of the Scottish government's resilience committee on Friday evening to review the situation. A second meeting is planned for 07:00 on Saturday.

Nicola Sturgeon said the government was taking immediate steps "to minimise the impact on patients".

The health boards which have been affected are:

  • NHS Glasgow
  • NHS Lanakrshire
  • NHS Dumfries and Galloway
  • NHS Forth Valley
  • NHS Tayside
  • NHS Western Isles
  • NHS Borders
  • NHS Fife
  • NHS Ayrshire and Arran
  • NHS Grampian
  • NHS Highland

The Scottish Ambulance Service has also been affected.

The incidents are thought to be part of a wider attack affecting organisations around the world.

The Scottish government said most incidents had been confined to desktop computers in GP surgeries, dental practices and other primary care centres.

A spokesman said the only acute hospital sites so far affected had been in NHS Lanarkshire.

First Minister Nicola Sturgeon said there was "no evidence" that patient data had been compromised.

She said: "All necessary steps are being taken to ensure that the cause and nature of this attack is identified.

"Our priority is to ensure that boards get all the support required to identify the full extent of any problems, and return IT systems to normal as soon as possible, so there is as little impact on patient care as possible.

"I would like to thank all of the NHS staff who are continuing to work hard to ensure that the impact of this attack is kept to an absolute minimum.

"I have complete confidence that they will continue to provide the excellent care for which they are famous."

GPs 'have no idea what drugs people are on'

Dr Emma Fardon, a GP in Dundee, told the BBC: "It became very obvious at around 1pm. I came back from house visits to find all our computers hit by the virus.

"It was the red display asking for the money. We can't access any patient records.

"Everything is fully computerised. We have no idea what drugs people are on or the allergies they have. We can't access the appointments system.

"We've had to try and phone as many people to rearrange their appointments to next week.

"It's had a massively disruptive effect. We can't process any documents, can't issue prescriptions, or look up results.

"We're trying to accommodate who we can. We are still seeing people who really need it.

"We've had glitches in the past but I've never seen anything as bad as this. We've no idea how long it will last for."

NHS Lanarkshire closed down its non-essential IT network and urged patients only to attend A&E in an emergency.

The board said in a statement: "NHS Lanarkshire, along with other boards across the UK, is currently experiencing ransomware attack to its IT network.

"IT specialists are working to resolve the matter as quickly as possible.

"As a precaution, NHS Lanarkshire is closing down its non-essential networked IT systems on a temporary basis.

"All our sites remain open, however, we are appealing to members of the public only to attend hospital for emergency treatment during this period."

NHS staff in plea for public support

Frances Dodd, Nurse Director for Acute Services at NHS Lanarkshire tweeted a message calling for public support.

She said: "We are working very hard to resolve this situation as quickly as possible and return our systems to normal as quickly as possible.

"But we would urge the support of the public at this time to really help us in trying to mitigate and reduce the risk."

She also told BBC Scotland that staff were unable to access patients' medical histories, so urged anyone going into North Lanarkshire's Wishaw, Monklands and Hairmyres hospitals this weekend to take all their medication with them.

NHS Greater Glasgow and Clyde said four GP practices had experienced disruption to their IT systems but elsewhere it was unaffected.

NHS Tayside said 10 GP practices in the region, which were not using an NHS Tayside IT system, were having problems.

A spokeswoman said: "No NHS Tayside systems or hospital sites have been affected by today's UK-wide cyber attack. There is no impact on NHS Tayside's emergency departments or out-of-hours service.

"However, we are aware that the IT systems at 10 GP practices across Tayside, which operate on a non-NHS Tayside system, have been affected. Our eHealth team is working with the GPs to resolve the issue as soon as possible."

Analysis - What is ransomware?

Media caption,
Technology explained: what is ransomware?

By Chris Baraniuk, BBC technology reporter

Software that locks a computer and demands payment before allowing access again - ransomware - is one of the world's biggest growing cyber-threats.

It certainly looks like that is what has hit the NHS in this case - and one IT firm says 11 of its NHS customers have been affected.

Screenshots shared online purportedly from NHS staff, show a program demanding $300 (£230) in Bitcoin that looks similar to ransomware known as WannaCryptor or WCry.

There's no indication of who is behind the attack yet, nor do we know exactly how it infected NHS systems.

But hospitals have been targeted with similar software before - it struck three US hospitals last year.

NHS Borders said three community sites had been affected.

A spokesman said: "The networks have been isolated, software has been shut down and there is no immediate risk to patient care or confidentiality.

"All other NHS Borders services are currently operating as normal."

A spokesman for NHS Dumfries and Galloway said: "Three GP practices have been initially affected and we are taking precautionary measures to prevent any others being affected."

He declined the name the practices involved and said the board was "comfortable and confident" with the steps taken but added "we don't know what we're dealing with".

He added: "We are monitoring the situation here as are all health boards in Scotland."

NHS Fife said the attack had affected "a small non-operational area" of its system.

Patient records

A spokeswoman said: "This area has been isolated and taken off the network.

"Staff continue to be able to access patient records and clinical systems are unaffected. It is important to note that out of hours services remain open and available as normal and patient care is unaffected.

"We have taken guidance from Scottish government on how to protect ourselves from any spread and we are also undertaking further preventative work."

Western Isles health board reported some disruption, though the extent was not clear.

NHS Forth Valley confirmed that some of its services had also been affected.

In a statement the health board said: "We can confirm that a small number of GP and dental practices in the Forth Valley area have experienced disruption to their it systems which may be linked to the wider IT issues affecting parts of NHS England.

"Steps have been taken to isolate their IT systems to minimise the risk of any virus spreading to other parts of the NHS.

"The practices affected remain open and have put in place contingency arrangements."

Image source, Getty Images
Image caption,
Cyber criminals are demanding payment in the online bitcoin currency to unlock computer systems

An NHS Western Isles spokeswoman said: "We can confirm that we have been affected but can't confirm to what extent at the moment.

"We do have systems in place to cover all emergencies."

Meanwhile, ScottishPower said that it had taken measures to ensure its IT services were not affected.

A spokesman said: "Due to an issue at an external company, ScottishPower has taken precautionary steps to ensure that our IT systems are fully secure. We continue to monitor the situation."

In England, GP surgeries and hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire were among those whose computer systems were affected.

Staff were unable to access patient data, which has been encrypted by ransomware that hit NHS networks.

There was no evidence patient data had been compromised.

Are you a staff or a patient in the NHS? Have you been affected by this? If you are willing to do so, share with us by emailing haveyoursay@bbc.co.uk.

Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways:

Related Internet Links

The BBC is not responsible for the content of external sites.