Most of NHS ‘back to normal’ after unprecedented cyberattack

A half-dozen regional health-care trusts in Britain remained sidelined Saturday a day after one-in-five National Health Service (NHS) trusts were affected by an unprecedented, international cyberattack.

A total of 48 of the 248 NHS trusts were impacted by Friday’s cyberattacks, U.K. Home Secretary Amber Rudd said following a Saturday afternoon meeting of COBRA, the British government’s crisis response committee.

“Of the 48 that have been impacted, most of them are back to normal course of business, so only six of them have some limits on their business,” Ms. Rudd told Sky News on Saturday.

“I’d like to commend the work that NHS staff have done to ensure the hospitals and patient surgeries continue to run smoothly,” said Ms Rudd. “In fact, 97 percent of the NHS trusts and hospitals… are working as normal.”

In addition to Britain’s government-funded hospital system, organizations in dozens of countries were abruptly saddled Friday after a wide-scale cyberattack resulted in vulnerable Microsoft Windows computers becoming infected with ransomware, a type of malicious software designed to render affected computers inoperable until a ransom is paid to the party responsible.

Asked by the BBC on Saturday, Mr. Rudd declined to answer unequivocally whether patient data had been properly backed-up before Friday’s cyberattack.

“I hope the answer is yes, that is the instructions that everybody has received in the past,” she told BBC Breakfast. “That is good cyber defense, but I expect, and we will find out over the next few days if there are any holes in that.”

“There’s always more we can all do to make sure we’re secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack,” she told Sky News afterwards.

Speaking to The Guardian, however, a spokesperson for the NHS’s digital component on Saturday said a number of computers used by the agency still run Windows XP — a legacy operating system no longer supported by Microsoft and rife with security vulnerabilities.

“It is disappointing that they have been running Windows XP — I know that the Secretary of State for Health has instructed them not to and most have moved off it,” Ms. Rudd told Sky News afterwards.

Doctors across the U.K. resorted to using pen and paper Friday as a result of the ransomware infection, the British Medical Association said in a statement, while other reports indicated X-ray machines and other hardware were briefly rendered inoperable.

“We need to quickly establish what went wrong to prevent this happening again and questions must also asked about whether inadequate investment in NHS information systems has left it vulnerable to such an attack,” Dr Mark Porter, BMA council chairman, told The Guardian.

The NHS is hardly the only health care system to have had its computer networks exploited by hackers, however. Cyber-extortionists last year harnessed a nine-year-old bug to breach the computer systems of MedStar Health, a hospital chain servicing Washington, D.C., compromising computers at dozens of hospitals and clinics throughout the region.

Ransomware infections increased by 36 percent in 2016 over the year before, security firm Symantec said last month.