NHS services in Scotland have been hit by a cyber-attack which has also disrupted health services in England. NHS Lanarkshire closed down its non-essential IT network and urged patients only to attend A&E in an emergency. The other health boards known to be affected are NHS Glasgow, Dumfries and Galloway, Forth Valley, Tayside and Western Isles.
The First Minister will chair a meeting of the Scottish Government’s resilience committee to review the situation. Health Secretary Shona Robison said: “We are aware of a number of health boards affected by potential cyber incidents and the first minister will chair a resilience meeting shortly. Scottish Government health officials are currently working closely with affected boards to assess the extent of the problem, and take steps to isolate affected systems, which have been affected by a ransomware cyber-attack of the kind which has also affected health trusts in NHS England.
Robison added: “We are taking immediate steps to minimise the impact of the attack across NHS Scotland and restrict any disruption. Our priority is to ensure that boards are supported to deal with this incident swiftly, and that services to patients can continue to run effectively.”
At least six health boards across Scotland confirmed some level of disruption. Lanarkshire Health Board said in a statement: “NHS Lanarkshire, along with other boards across the UK, is currently experiencing ransomware attack to its IT network. IT specialists are working to resolve the matter as quickly as possible. As a precaution, NHS Lanarkshire is closing down its non-essential networked IT systems on a temporary basis. All our sites remain open, however, we are appealing to members of the public only to attend hospital for emergency treatment during this period.”
NHS Greater Glasgow and Clyde said four GP practices had experienced disruption to their IT systems but elsewhere it was unaffected. NHS Tayside said 10 GP practices in the region, which were not using an NHS Tayside IT system, were having problems. A spokeswoman said: “No NHS Tayside systems or hospital sites have been affected by today’s UK-wide cyber attack. There is no impact on NHS Tayside’s emergency departments or out-of-hours service. However, we are aware that the IT systems at 10 GP practices across Tayside, which operate on a non-NHS Tayside system, have been affected. Our eHealth team is working with the GPs to resolve the issue as soon as possible.”
Reuters reported that hospitals and doctors’ surgeries across England were forced to turn away patients and cancel appointments after ‘ransomware’ cyber attack crippled some computer systems. The NHS said 16 organisations had been affected by the cyber attack but said it had not been specifically targeted. No patient data was believed to have been accessed by the ransomware attack but it was unclear whether it had impacted any emergency cases.
A reporter from the Health Service Journal said the attack had affected X-ray imaging systems, pathology test results, phone systems and patient administration systems. The Barts Health group, which manages major central London hospitals including The Royal London and St Bartholomew’s, said it had activated a major incident plan and had canceled routine appointments. “We are experiencing a major IT disruption and there are delays at all of our hospitals,” it said. “Ambulances are being diverted to neighboring hospitals.”
Britain’s National Cyber Security Centre, part of the GCHQ spy agency, said it was aware of a cyber incident and was working with NHS Digital and the police to investigate. Spain’s Government said a large number of companies, including telecommunications giant Telefonica, had been attacked by with ransomware.