This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates
The article has changed 42 times. There is an RSS feed of changes available.
Previous version
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Next version
| Version 23 | Version 24 |
|---|---|
| Ransomware attack hits 99 countries with UK hospitals among targets – live updates | Ransomware attack hits 99 countries with UK hospitals among targets – live updates |
| (35 minutes later) | |
| 9.30am BST | 9.30am BST |
| 09:30 | 09:30 |
| Amber Rudd admits there is chance not all NHS files are backed up | |
| Amber Rudd told BBC Breakfast she could not confirm that all NHS files are backed up. She said: | |
| I hope the answer is yes, that is the instructions that everybody has received in the past. That is good cyber defence, but I expect, and we will find out over the next few days if there are any holes in that. | |
| There may be lessons to learn from this but the most important thing now is to disrupt the attack, let’s come back to afterwards whether there are lessons to be learned. | |
| Rudd later told Sky News: “It is disappointing that they [the NHS] have been running Windows XP - I know that the secretary of state for health has instructed them not to and most have moved off it.” | |
| She added: “Where the patient data has been properly backed up, which has been in most cases, work can continue as normal because the patient data can be downloaded and people can continue with their work.” | She added: “Where the patient data has been properly backed up, which has been in most cases, work can continue as normal because the patient data can be downloaded and people can continue with their work.” |
| Now, if only someone could find that extra £350 million a week they promised for the NHS... | Now, if only someone could find that extra £350 million a week they promised for the NHS... |
| Updated | |
| at 9.36am BST | |
| 9.23am BST | 9.23am BST |
| 09:23 | 09:23 |
| G7 finance ministers turned their focus today to combating cyber crime in what Italy’s Pier Carlo Padoan described as an “unfortunately very timely” discussion, AFP reports. | G7 finance ministers turned their focus today to combating cyber crime in what Italy’s Pier Carlo Padoan described as an “unfortunately very timely” discussion, AFP reports. |
| The ministers from the group of seven wealthy democracies will say that cyber incidents represent a growing threat to their economies and that tackling them should be a priority, Italian officials said. | The ministers from the group of seven wealthy democracies will say that cyber incidents represent a growing threat to their economies and that tackling them should be a priority, Italian officials said. |
| The talks, scheduled before Friday’s events, focused particularly on the potential threat to the global financial system in the event of hackers being able to infiltrate the computer systems that run the global banking system, capital and equity markets. | The talks, scheduled before Friday’s events, focused particularly on the potential threat to the global financial system in the event of hackers being able to infiltrate the computer systems that run the global banking system, capital and equity markets. |
| The ministers, who also discussed inequality, and transnational tax evasion during their two-day review of the world economy, were due to wrap up their talks at lunchtime. | The ministers, who also discussed inequality, and transnational tax evasion during their two-day review of the world economy, were due to wrap up their talks at lunchtime. |
| “We are agreed on many things ... including on the fight against cyber crime which is unfortunately very timely,” Padoan said on his arrival for Sunday’s closing session. | “We are agreed on many things ... including on the fight against cyber crime which is unfortunately very timely,” Padoan said on his arrival for Sunday’s closing session. |
| 9.18am BST | 9.18am BST |
| 09:18 | 09:18 |
| The UK National Cyber Security Centre is sharing advice on how to prevent a ransomware hack and what to do if you’ve been targeted. | The UK National Cyber Security Centre is sharing advice on how to prevent a ransomware hack and what to do if you’ve been targeted. |
| How to prevent a ransomware incident and what to do if your organisation is infected https://t.co/YSmFYATtAK pic.twitter.com/NhdC5fIWWG | How to prevent a ransomware incident and what to do if your organisation is infected https://t.co/YSmFYATtAK pic.twitter.com/NhdC5fIWWG |
| 9.09am BST | 9.09am BST |
| 09:09 | 09:09 |
| The Scottish government has said it is working closely with health officials following the hack of 11 of Scotland’s 14 NHS health boards. | The Scottish government has said it is working closely with health officials following the hack of 11 of Scotland’s 14 NHS health boards. |
| Scottish health secretary Shona Robison, who chaired a Scottish government resilience meeting earlier this morning, said work to fix the systems had entered a “recovery phase”. She told the BBC’s Good Morning Scotland programme: | Scottish health secretary Shona Robison, who chaired a Scottish government resilience meeting earlier this morning, said work to fix the systems had entered a “recovery phase”. She told the BBC’s Good Morning Scotland programme: |
| People are working very, very hard and have worked through the night. The update I’ve got this morning is that we’re very much into recovery phase now, with a lot of work going on to get systems back up running. | People are working very, very hard and have worked through the night. The update I’ve got this morning is that we’re very much into recovery phase now, with a lot of work going on to get systems back up running. |
| The GP systems, which of course were the main problem across our health boards - work is going on, and there is a level of confidence that many will be back up and running before GP surgeries open on Monday morning. | The GP systems, which of course were the main problem across our health boards - work is going on, and there is a level of confidence that many will be back up and running before GP surgeries open on Monday morning. |
| Robison added that there has been no detection of breach to patient confidentiality “so patients should be reassured by that”. | Robison added that there has been no detection of breach to patient confidentiality “so patients should be reassured by that”. |
| 8.58am BST | 8.58am BST |
| 08:58 | 08:58 |
| NHS trusts unaffected by the hack are taking precautionary measures. | NHS trusts unaffected by the hack are taking precautionary measures. |
| We have not been affected by the #nhscyberattack but have switched off inbound external emails for precaution and will review on Monday. | We have not been affected by the #nhscyberattack but have switched off inbound external emails for precaution and will review on Monday. |
| 8.46am BST | 8.46am BST |
| 08:46 | 08:46 |
| Here’s some more from the home secretary’s media round this morning, in which she’s giving very few details about the investigation into the attack. | Here’s some more from the home secretary’s media round this morning, in which she’s giving very few details about the investigation into the attack. |
| Rudd said the attack “feels random in terms of where it’s gone to and where it’s been opened”, but said the authorities did not yet know where it had originated. | Rudd said the attack “feels random in terms of where it’s gone to and where it’s been opened”, but said the authorities did not yet know where it had originated. |
| She added: “Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can’t download the effective patches and anti-virus software for defending against viruses. | She added: “Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can’t download the effective patches and anti-virus software for defending against viruses. |
| “CQC (Care Quality Commission) does do cyber checks on the NHS trusts, on hospitals when they do their visits, and they will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising.” | “CQC (Care Quality Commission) does do cyber checks on the NHS trusts, on hospitals when they do their visits, and they will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising.” |
| Rudd said the UK was a world leader in cyber security, adding: “So far, all we have seen is patients inconvenienced, some hospitals, some doctors making changes to their daily life. | Rudd said the UK was a world leader in cyber security, adding: “So far, all we have seen is patients inconvenienced, some hospitals, some doctors making changes to their daily life. |
| “But the fact is no data has yet been accessed and the NHS are brilliantly managing to weave through this disruption.” | “But the fact is no data has yet been accessed and the NHS are brilliantly managing to weave through this disruption.” |
| 8.19am BST | 8.19am BST |
| 08:19 | 08:19 |
| NHS must upgrade software - Amber Rudd | NHS must upgrade software - Amber Rudd |
| Amber Rudd, the home secretary, has been responding to the attack on BBC Radio 4’s Today programme. | Amber Rudd, the home secretary, has been responding to the attack on BBC Radio 4’s Today programme. |
| “We are not able to tell you who is behind that attack,” she said. “That work is still ongoing. We don’t know anymore about where it has come from at the moment. We know it has affected up to 100 countries and it wasn’t targeted at the NHS. | “We are not able to tell you who is behind that attack,” she said. “That work is still ongoing. We don’t know anymore about where it has come from at the moment. We know it has affected up to 100 countries and it wasn’t targeted at the NHS. |
| “We know from the information we have on the type of virus that it feels random about where it has gone to and where it was opened. It is the type of virus that works particularly effectively between systems that are connected to each other so it is more likely to impact larger organisations than individuals. No patient data has been accessed or transferred in any way, thats the information we’ve been given.” | “We know from the information we have on the type of virus that it feels random about where it has gone to and where it was opened. It is the type of virus that works particularly effectively between systems that are connected to each other so it is more likely to impact larger organisations than individuals. No patient data has been accessed or transferred in any way, thats the information we’ve been given.” |
| She added that she expected to see the NHS update its computer systems in the wake of the attack, following reports that the organisation may have been made vulnerable by running outdated Microsoft software. | She added that she expected to see the NHS update its computer systems in the wake of the attack, following reports that the organisation may have been made vulnerable by running outdated Microsoft software. |
| “I expect NHS trusts to learn from this and make sure they do upgrade,” Rudd said. | “I expect NHS trusts to learn from this and make sure they do upgrade,” Rudd said. |
| 8.18am BST | 8.18am BST |
| 08:18 | 08:18 |
| Microsoft said its decision to make the software patch available to all was “made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind”. | Microsoft said its decision to make the software patch available to all was “made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind”. |
| It warned that some of the attacks relied on common phishing tactics and urged customers to be vigilant when opening documents from untrusted or unknown sources. | It warned that some of the attacks relied on common phishing tactics and urged customers to be vigilant when opening documents from untrusted or unknown sources. |
| 8.11am BST | 8.11am BST |
| 08:11 | 08:11 |
| Microsoft has released a solution for all Windows users, regardless of whether they are supported or not. The corporation said it was “painful” to see how businesses and individuals had been affected by the attack. | Microsoft has released a solution for all Windows users, regardless of whether they are supported or not. The corporation said it was “painful” to see how businesses and individuals had been affected by the attack. |
| Microsoft releases #WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003: https://t.co/ZgINDXAdCj | Microsoft releases #WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003: https://t.co/ZgINDXAdCj |
| Updated | Updated |
| at 8.12am BST | at 8.12am BST |
| 7.42am BST | 7.42am BST |
| 07:42 | 07:42 |
| Summary | Summary |
| If you’re just joining us, here’s what we know so far about Friday’s cyber-attack that has affected countries and organisations across the globe: | If you’re just joining us, here’s what we know so far about Friday’s cyber-attack that has affected countries and organisations across the globe: |
| A global ransomware attack has hit the UK’s National Health Service hardest, forcing hospitals to cancel operations and divert ambulances and rendering documents such as patient records and x-rays unavailable. The National Cyber Security Centre says teams are “working round the clock” to bring systems back online. NHS Digital and prime minister Theresa May say there is no evidence patient data has been accessed. | A global ransomware attack has hit the UK’s National Health Service hardest, forcing hospitals to cancel operations and divert ambulances and rendering documents such as patient records and x-rays unavailable. The National Cyber Security Centre says teams are “working round the clock” to bring systems back online. NHS Digital and prime minister Theresa May say there is no evidence patient data has been accessed. |
| Thousands of patients across England and Scotland are stuck in limbo, with parents of newborns unable to take them home. The service will doubtless face a weekend of delays and non-emergency patients have been urged to use health facilities frugally. | Thousands of patients across England and Scotland are stuck in limbo, with parents of newborns unable to take them home. The service will doubtless face a weekend of delays and non-emergency patients have been urged to use health facilities frugally. |
| A security expert has been hailed an “accidental hero” for his role in halting the spread of the WanaCrypt0r 2.0 bug. The man behind the @MalwareTechBlog Twitter account is reported to have simply paid a few dollars to register a domain name that, once active, performs the role of a “kill switch” that deactivates the malware in its current form. | A security expert has been hailed an “accidental hero” for his role in halting the spread of the WanaCrypt0r 2.0 bug. The man behind the @MalwareTechBlog Twitter account is reported to have simply paid a few dollars to register a domain name that, once active, performs the role of a “kill switch” that deactivates the malware in its current form. |
| Tens of thousands of attacks were registered in 99 countries. Russia, Ukraine, India and Taiwan initially appeared to be most hard hit, though details are yet to emerge. Russia said 1,000 computers at its interior ministry were affected. | Tens of thousands of attacks were registered in 99 countries. Russia, Ukraine, India and Taiwan initially appeared to be most hard hit, though details are yet to emerge. Russia said 1,000 computers at its interior ministry were affected. |
| The malicious software asks for a $300 (£233) ransom per machine to be paid in cryptocurrency Bitcoin to unlock computers. Some payments are reported to have been made. | The malicious software asks for a $300 (£233) ransom per machine to be paid in cryptocurrency Bitcoin to unlock computers. Some payments are reported to have been made. |
| The bug appears to originate from a malware dump made by a group called Shadow Brokers, which claim to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). | The bug appears to originate from a malware dump made by a group called Shadow Brokers, which claim to have stolen a cache of “cyber weapons” from the National Security Agency (NSA). |
| In Spain, megaphone announcements told employees at telecom giant Telefónica to close their workstations immediately while the attack spread. | In Spain, megaphone announcements told employees at telecom giant Telefónica to close their workstations immediately while the attack spread. |
| Scotland reported that 11 health boards and its ambulance service attacked. | Scotland reported that 11 health boards and its ambulance service attacked. |
| Whistleblower Edward Snowden blamed the NSA, saying: “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.” | Whistleblower Edward Snowden blamed the NSA, saying: “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.” |
| FedEx also announced it was affected and said it was “implementing remediation steps as quickly as possible”. | FedEx also announced it was affected and said it was “implementing remediation steps as quickly as possible”. |
| Read the Guardian’s full report on the attack here: | Read the Guardian’s full report on the attack here: |
| Updated | Updated |
| at 8.10am BST | at 8.10am BST |
| 7.18am BST | 7.18am BST |
| 07:18 | 07:18 |
| The security expert credited with halting the spread of the bug – at least in its current iteration – might have quite a busy weekend by the looks of it. | The security expert credited with halting the spread of the bug – at least in its current iteration – might have quite a busy weekend by the looks of it. |
| *finishes reading notifications**refreshes page* pic.twitter.com/EHjMpMOU0e | *finishes reading notifications**refreshes page* pic.twitter.com/EHjMpMOU0e |
| Updated | Updated |
| at 7.22am BST | at 7.22am BST |
| 6.44am BST | 6.44am BST |
| 06:44 | 06:44 |
| Here is a fuller read on the plight of the NHS as we enter day two of the crisis for the organisation, which appears by far the biggest victim of the cyber-attack. | Here is a fuller read on the plight of the NHS as we enter day two of the crisis for the organisation, which appears by far the biggest victim of the cyber-attack. |
| Patients at hospitals and GP surgeries in England and Scotland will face a weekend of disruption, as delays that began on Friday spill over into the weekend. | Patients at hospitals and GP surgeries in England and Scotland will face a weekend of disruption, as delays that began on Friday spill over into the weekend. |
| The shadow health secretary Jonathan Ashworth urged the government to be “clear about what’s happened”, describing the attack as “terrible news and a real worry for patients”. | The shadow health secretary Jonathan Ashworth urged the government to be “clear about what’s happened”, describing the attack as “terrible news and a real worry for patients”. |
| 5.52am BST | 5.52am BST |
| 05:52 | 05:52 |
| The notoriously difficult process of tracking down the source of the attack begins. | The notoriously difficult process of tracking down the source of the attack begins. |
| Ciaran Martin, the head of the UK’s cyber security agency, told the BBC on Friday night: “It’s important to understand that cyber attacks can be different from other forms of crime in that their sometimes highly technical and anonymous nature means it can take some time to understand how it worked, who was behind it and what the impact is.” | Ciaran Martin, the head of the UK’s cyber security agency, told the BBC on Friday night: “It’s important to understand that cyber attacks can be different from other forms of crime in that their sometimes highly technical and anonymous nature means it can take some time to understand how it worked, who was behind it and what the impact is.” |
| IP addresses from our sinkhole have been sent to FBI and ShadowServer so affected organisations should get a notification soon. patch ASAP. | IP addresses from our sinkhole have been sent to FBI and ShadowServer so affected organisations should get a notification soon. patch ASAP. |
| 5.48am BST | 5.48am BST |
| 05:48 | 05:48 |
| The malware researcher who helped curtail the spread of the attack has pointed out that escaping this attack does not necessarily safeguard against further, similar attacks. | The malware researcher who helped curtail the spread of the attack has pointed out that escaping this attack does not necessarily safeguard against further, similar attacks. |
| So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again. | So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again. |
| 5.24am BST | 5.24am BST |
| 05:24 | 05:24 |
| Taiwan’s department of cyber security has said the island’s government agencies and hospital systems appear to be so far unaffected by the attack. Taiwan was prominent on the list of places affected by the WanaCrypt0r 2.0 bug. | Taiwan’s department of cyber security has said the island’s government agencies and hospital systems appear to be so far unaffected by the attack. Taiwan was prominent on the list of places affected by the WanaCrypt0r 2.0 bug. |
| However, Howard Jyan, the director general of the government department said there had been no disruption and that Taiwan was ready for any future attacks, adding “We can control the situation.” | However, Howard Jyan, the director general of the government department said there had been no disruption and that Taiwan was ready for any future attacks, adding “We can control the situation.” |
| Meanwhile, Ross Feingold, a Taiwan-based political analyst who advises on Taiwan and Hong Kong political affairs, said: “As the attack commenced on Friday night Taiwan time, many organisations, whether government or private sector, will only know the true impact on Monday morning when personnel return to work, turn on their computers, and possibly click on malware and/or otherwise discover that the organisation is the victim of ransomware.” | Meanwhile, Ross Feingold, a Taiwan-based political analyst who advises on Taiwan and Hong Kong political affairs, said: “As the attack commenced on Friday night Taiwan time, many organisations, whether government or private sector, will only know the true impact on Monday morning when personnel return to work, turn on their computers, and possibly click on malware and/or otherwise discover that the organisation is the victim of ransomware.” |
| “However, it once again demonstrates that Taiwan’s cyber security, as in other areas of its defences, requires ongoing investment in software, hardware, and personnel training so that they can identify suspicious emails in both Chinese and English.” | “However, it once again demonstrates that Taiwan’s cyber security, as in other areas of its defences, requires ongoing investment in software, hardware, and personnel training so that they can identify suspicious emails in both Chinese and English.” |
| Updated | Updated |
| at 5.27am BST | at 5.27am BST |
| 4.46am BST | 4.46am BST |
| 04:46 | 04:46 |
| This malware tracker from MalwareTech gives a map view of where the ransomware struck across the globe. The timeline underneath shows just how quickly it spread, and the sharp dip coincides presumably with the moment the “accidental hero” registered the domain name that halted the attack for the most part. | This malware tracker from MalwareTech gives a map view of where the ransomware struck across the globe. The timeline underneath shows just how quickly it spread, and the sharp dip coincides presumably with the moment the “accidental hero” registered the domain name that halted the attack for the most part. |