York NHS Services hit by cyber-attack

Healthcare providers across the Vale of York area are among the numerous NHS organisations hit by ransomware cyber attacks this Friday, in what NHS England have declared to be a major incident. The attacks have affected Unity Health, York Hospital, and other NHS practices.

The BBC reports that GPs in York have been instructed to turn all computers off to prevent the spread of the malware. However doctors’ surgeries are still open and dealing with patients as hard as they can.

A spokesperson for Unity Health, the on-campus GP practice, has tweeted:

Students may find themselves unable to get an emergency GP appointment due Unity Health’s online consultation booking system. Vale of York CCG  has told Vision that they would advise students to contact NHS 111 who, if appropriate, will arrange an appointment with an Out of Hours GP.

On 15th May Unity Health updated Vision: “E consultations work and are safe – this is the preferred method for students to access Unity Health. We have a full team of nurses on triage today responding to e consultations.”

This comes on May 12th, Nurses’ Day, a day made to highlight the hard work of #nurseheroes, who work around the clock to look after their patients. UoY Nursing Society Treasurer, Amy France, has told York Vision that her placement in York District Hospital today has been a “stressful environment”, where “blood tests couldn’t be ordered, results couldn’t be viewed, so effectively treatment plans couldn’t be completed”. Social Secretary, Niamhy Tait, told Vision that she “thought the computers were just been slow, then the phones went down so discharging patients became nigh on impossible.”

Initial investigations, say NHS Digital, show that this attack, which is not specifically targeted at the NHS, is believed to have come from “malware variant, Wanna Decryptor”. The malware locks computers, and chargers users a ransom for it to be unlocked. The fee charged increases the longer it is unpaid. They add that: “At this stage we do not have any evidence that patient data has been accessed.”

A spokesperson for the National Cyber Security Centre said:
“We are aware of a cyber incident and we are working with NHS Digital and the National Crime Agency to investigate.”

Professor Howard Chive (Courtesy of University of York)
Professor Howard Chivers from the University of York Computer Science Department explains to Vision that Ransomware “renders data unintelligible by encryption”, offering to unscramble data if victims pay a ransom. Professor Chivers comments this is a “very effective way of extracting money from victims, hence their popularity”.

Chivers believes this particular attack is different, noting: “It has become too widespread too quickly to be the sole result of inadvertent infection by users. The rate of infection has more in common with an Internet ‘worm’ –  malware which is able to move from computer to computer without human intervention by exploiting a technical defect in the computer’s software.”

Chivers added that “bespoke systems, with specialised software”, such as the ones used by the NHS, are vulnerable to such attacks as “the cost of updating and retesting such software” means that  “the systems are often marooned on old unsupported operating systems, such as Windows XP.”

Chivers speculates that “this ransomware is spreading by exploiting a technical vulnerability in an obsolete operating system. The original entry to an organisation may be via the Internet (this might suggest a defective system configuration) or by an accidental user ‘click’”. Chivers suspects “once inside, the malware is using a recently-discovered technical attack to spread autonomously.”

UoY IT Services have warned that universities are also vulnerable to similar attacks, advising students:

This is an ongoing news story, and will be updated as more news comes in.
Have you been affected by this attack? Contact [email protected] to share your story.