This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates
The article has changed 42 times. There is an RSS feed of changes available.
Previous version
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Next version
| Version 1 | Version 2 |
|---|---|
| Global cyber-attack: NHS services among victims – live updates | Global cyber-attack: NHS services among victims – live updates |
| (35 minutes later) | |
| 7.50pm BST | |
| 19:50 | |
| The Agence France-Presse news agency reports that, in Spain, employees at the telecom giant Telefónica were told to shut down their workstations immediately through megaphone announcements as the attack spread. | |
| Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly five million emails per hour was spreading the new ransomware. | |
| The group said in a statement that the attack had “global scope”, affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico. | |
| 7.44pm BST | |
| 19:44 | |
| Some more quotes from the prime minister. She has told reporters: | |
| I think what is important is that we have recognised that increasingly we need to be aware of the need to address cyber security issues, that’s why the National Cyber Security Centre has been set up. It is now able to work with the NHS to support the organisations concerned and to ensure that patient safety is protected. | |
| 7.36pm BST | |
| 19:36 | |
| After the prime minister said she was “not aware of any evidence that patient data has been compromised”, Ross Anderson, a professor of security engineering at Cambridge university, advises caution. | |
| The NHS are saying that patient privacy hasn’t been compromised, but if significant numbers of hospitals have been negligently running unpatched computers for two months after the patch came out, how do they know? | |
| 7.24pm BST | 7.24pm BST |
| 19:24 | 19:24 |
| Some more on that statement from the prime minister, Theresa May, who says: | Some more on that statement from the prime minister, Theresa May, who says: |
| We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. | We are aware that a number of NHS organisations have reported that they have suffered from a ransomware attack. |
| This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected. | This is not targeted at the NHS, it’s an international attack and a number of countries and organisations have been affected. |
| The National Cyber Security Centre is working closely with NHS Digital to ensure that they support the organisations concerned and that they protect patient safety. | |
| And we are not aware of any evidence that patient data has been compromised. | And we are not aware of any evidence that patient data has been compromised. |
| Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected. | Of course, it is important that we have set up the National Cyber Security Centre and they are able to work with the NHS organisations concerned and to ensure that they are supported and patient safety is protected. |
| Updated | Updated |
| at 7.30pm BST | |
| 7.21pm BST | 7.21pm BST |
| 19:21 | 19:21 |
| There are reports around that as many as 40 NHS organisations have been hit by the cyber-attack. NHS Digital says it is not going to confirm the number until tomorrow. | |
| Updated | Updated |
| at 7.33pm BST | |
| 7.08pm BST | 7.08pm BST |
| 19:08 | 19:08 |
| May: attack is international | May: attack is international |
| The cyber-attack that has hit the NHS is part of a wider international attack, the prime minister Theresa May has confirmed. | The cyber-attack that has hit the NHS is part of a wider international attack, the prime minister Theresa May has confirmed. |
| She said there is no evidence that patient data had been compromised. | She said there is no evidence that patient data had been compromised. |
| Updated | Updated |
| at 7.11pm BST | at 7.11pm BST |
| 7.02pm BST | 7.02pm BST |
| 19:02 | 19:02 |
| Vikram Dodd | Vikram Dodd |
| One expert who has worked closely with law enforcement says this would be seen as an attack on critical national infrastructure. He says investigators will be examining systems affected by the ransomware to see how badly they are affected and whether they, in turn, can or already have infected other computer systems connected to them. | One expert who has worked closely with law enforcement says this would be seen as an attack on critical national infrastructure. He says investigators will be examining systems affected by the ransomware to see how badly they are affected and whether they, in turn, can or already have infected other computer systems connected to them. |
| He adds that the fear is that the ransonware cannot be broken and thus data and files infected are either lost or that the only way to get them back would be to pay the ransom, which would involve giving money to criminals. | He adds that the fear is that the ransonware cannot be broken and thus data and files infected are either lost or that the only way to get them back would be to pay the ransom, which would involve giving money to criminals. |
| If the systems hit by the attack are backed up properly, the infected files can be junked with minimal loss. But ransomware can also drive through systems and hunt down back-up files if they are stored on a system connected to the internet and to the computers originally attacked. | If the systems hit by the attack are backed up properly, the infected files can be junked with minimal loss. But ransomware can also drive through systems and hunt down back-up files if they are stored on a system connected to the internet and to the computers originally attacked. |
| Law enforcement believe that organised crime groups rent out ransomware for short periods so criminals can stage attacks, and organise themselves like a commercial firm: “This is a cash raising business.” | Law enforcement believe that organised crime groups rent out ransomware for short periods so criminals can stage attacks, and organise themselves like a commercial firm: “This is a cash raising business.” |
| Updated | Updated |
| at 7.08pm BST | at 7.08pm BST |
| 7.00pm BST | 7.00pm BST |
| 19:00 | 19:00 |
| Vikram Dodd | Vikram Dodd |
| One question arising from the attack on a sector of critical national infrastructure is whether the government has a policy on paying ransom to cyber hackers. | One question arising from the attack on a sector of critical national infrastructure is whether the government has a policy on paying ransom to cyber hackers. |
| British government policy in the case of a terrorist attack or of the taking of a person hostage is clear: ransom will not be paid. But it is not clear if a policy exists for the 21st-century cyber equivalent. The lead agency dealing with the attack on the NHS is the National Cyber Security Centre, an arm of GCHQ. | British government policy in the case of a terrorist attack or of the taking of a person hostage is clear: ransom will not be paid. But it is not clear if a policy exists for the 21st-century cyber equivalent. The lead agency dealing with the attack on the NHS is the National Cyber Security Centre, an arm of GCHQ. |
| Updated | Updated |
| at 7.02pm BST | at 7.02pm BST |
| 6.57pm BST | 6.57pm BST |
| 18:57 | 18:57 |
| The New York Times is reporting that 12 countries, including the UK, have been affected. | The New York Times is reporting that 12 countries, including the UK, have been affected. |
| It reports that the attack struck “computers across a wide swath of Europe and Asia”, saying that Japan, Russia, Turkey, Vietnam and the Philippines are among those affected. | It reports that the attack struck “computers across a wide swath of Europe and Asia”, saying that Japan, Russia, Turkey, Vietnam and the Philippines are among those affected. |
| Updated | Updated |
| at 7.03pm BST | at 7.03pm BST |
| 6.51pm BST | 6.51pm BST |
| 18:51 | 18:51 |
| Prof Alan Woodward, a security expert from the University of Surrey, says the attackers appear to have taken advantage of a chink in the armour of Microsoft XP that was exposed in a recent leak of CIA hacking tools. | Prof Alan Woodward, a security expert from the University of Surrey, says the attackers appear to have taken advantage of a chink in the armour of Microsoft XP that was exposed in a recent leak of CIA hacking tools. |
| He says the problem may have been exacerbated because organisations have not updated their software with the fixes made available, or are using outdated versions. | He says the problem may have been exacerbated because organisations have not updated their software with the fixes made available, or are using outdated versions. |
| From what we can see, it is a piece of ransomware called wanna decryptor. It goes by other names but it emerged in February 2017. Since then, it has been modified and there is evidence that it is spreading using a flaw in the Microsoft network protocol called SMB, which was exposed in the recent dump of exploits that were allegedly from US intelligence agencies. | From what we can see, it is a piece of ransomware called wanna decryptor. It goes by other names but it emerged in February 2017. Since then, it has been modified and there is evidence that it is spreading using a flaw in the Microsoft network protocol called SMB, which was exposed in the recent dump of exploits that were allegedly from US intelligence agencies. |
| It is not just the NHS affected: reports suggest it is a global problem. The virulence is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems (such as XP) that are no longer supported by Microsoft and hence no patch exists. | It is not just the NHS affected: reports suggest it is a global problem. The virulence is likely to be because some organisations have either not applied the patch released by Microsoft, or they are using outdated operating systems (such as XP) that are no longer supported by Microsoft and hence no patch exists. |
| My concern is that this isn’t the last of this type of attack. Since the dump of the exploits earlier this year, it was obvious that someone was going to enhance their ransomware (or some other form of malware) using the SMB flaw to allow the malware to spread across large networks once a foothold had been established. The disappointing aspect of this is that the patch has been around since March but many organisations have clearly not applied to patch or, worse, they are on something such as XP which is no longer supported and hence cannot be patched. | My concern is that this isn’t the last of this type of attack. Since the dump of the exploits earlier this year, it was obvious that someone was going to enhance their ransomware (or some other form of malware) using the SMB flaw to allow the malware to spread across large networks once a foothold had been established. The disappointing aspect of this is that the patch has been around since March but many organisations have clearly not applied to patch or, worse, they are on something such as XP which is no longer supported and hence cannot be patched. |
| Wanna Decryptor is actually just a reincarnation of wcry (I first saw it in Feb 2017) but it has been enhanced using the SMB/eternalblue exploit to spread more easily. The concern is that even once this attack dies down it won’t be the only ransomware that has been enhanced in this way. The result is inevitable. | Wanna Decryptor is actually just a reincarnation of wcry (I first saw it in Feb 2017) but it has been enhanced using the SMB/eternalblue exploit to spread more easily. The concern is that even once this attack dies down it won’t be the only ransomware that has been enhanced in this way. The result is inevitable. |
| This is not about having some fancy technology in place to protect yourself. It is about the basics: use supported software and keep it updated. | This is not about having some fancy technology in place to protect yourself. It is about the basics: use supported software and keep it updated. |
| Updated | Updated |
| at 6.53pm BST | at 6.53pm BST |
| 6.34pm BST | 6.34pm BST |
| 18:34 | 18:34 |
| NHS England have released an updated statement. Dr Anne Rainsberry, the NHS incident director, said: | NHS England have released an updated statement. Dr Anne Rainsberry, the NHS incident director, said: |
| We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need. | We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need. |
| More widely, we ask people to use the NHS wisely while we deal with this major incident, which is still ongoing. NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business. | More widely, we ask people to use the NHS wisely while we deal with this major incident, which is still ongoing. NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business. |
| 6.31pm BST | 6.31pm BST |
| 18:31 | 18:31 |
| Here’s a little background from my colleagues Damien Gayle, Alexandra Topping and Sarah Marsh. They report the situation as it stood at about 5pm today: | Here’s a little background from my colleagues Damien Gayle, Alexandra Topping and Sarah Marsh. They report the situation as it stood at about 5pm today: |
| Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. | Hospitals across England have been hit by a large-scale cyber-attack, the NHS has confirmed, which has locked staff out of their computers and forced many trusts to divert emergency patients. |
| The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England has declared a major incident. NHS Digital said it was aware of the problem and would release more details soon. | The IT systems of NHS sites across the country appear to have been simultaneously hit, with a pop-up message demanding a ransom in exchange for access to the PCs. NHS England has declared a major incident. NHS Digital said it was aware of the problem and would release more details soon. |
| Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. | Details of patient records and appointment schedules, as well as internal phone lines and emails, have all been rendered inaccessible. |
| It is now thought that some services in Scotland have also been hit, with three GP surgeries in Dumfries and Galloway reporting being affected. | It is now thought that some services in Scotland have also been hit, with three GP surgeries in Dumfries and Galloway reporting being affected. |
| 6.25pm BST | 6.25pm BST |
| 18:25 | 18:25 |
| The NHS has declared a major incident after it was hit by a cyber attack that is thought to have affected services across England and Scotland. Staff have been locked out of their computers and many trusts have been forced to divert emergency patients. | The NHS has declared a major incident after it was hit by a cyber attack that is thought to have affected services across England and Scotland. Staff have been locked out of their computers and many trusts have been forced to divert emergency patients. |
| We’ll be updating you here as this story develops. | We’ll be updating you here as this story develops. |
| Meanwhile, my colleague Alex Hern and Samuel Gibbs have prepared a Q&A on the attack. | Meanwhile, my colleague Alex Hern and Samuel Gibbs have prepared a Q&A on the attack. |