This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates

The article has changed 42 times. There is an RSS feed of changes available.

Version 25 Version 26
Ransomware cyber-attack hits 99 countries with UK hospitals among targets – live Ransomware cyber-attack hits 99 countries with UK hospitals among targets – live
(35 minutes later)
11.11am BST
11:11
French car maker Renault is the first French firm to be hit by the global cyberattack, management said on Saturday.
“Work is going on since last night. We are doing what is needed to counter this attack,” a spokesperson said.
“The problems were mainly related to France, where some of Renault’s factories also faced a malfunctioning of certain parts of its information system,” she added.
The attack has also halted production at Renault’s Revoz subsidiary in Slovenia after computer systems were hit.
Updated
at 11.19am BST
11.03am BST
11:03
The Guardian’s Samuel Gibbs reported in May 2015 that the Government Digital Service had decided not to continue its £5.5m deal with Microsoft to extend support for Windows XP. That decision left government computers still running on the obsolete operating system at risk from hackers and may be one reason why some NHS trusts fell victim to the attack on Friday.
The service said ending the support meant “weaknesses that are found in unsupported products will remain unpatched and will be exploitable by relatively low-skilled attackers”.
Microsoft withdrew its extended support programme for Windows XP, its 14-year-old operating system, in April 2014. Given the number of Windows XP PCs still being used in government and businesses at the time, Microsoft provided paid-for extended support on a one-off basis.
Updated
at 11.04am BST
10.51am BST
10:51
The threat posed by the cyber attack has receded for the time being, partly because a UK-based cyber security researcher registered a domain that he noticed the malware was trying to connect to, limiting its spread.
“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” said Vikram Thakur, principal research manager at Symantec. “The numbers are extremely low and coming down fast.”
But the attackers could yet tweak the code and start the new cycle. The British-based researcher, whose Twitter handle is @MalwareTechBlog, said he had not seen any such tweaks yet, “but they will”.
10.36am BST10.36am BST
10:3610:36
Russia’s central bank says it had detected “massive” cyber attacks on domestic banks, which successfully defended them, the RIA news agency reports.Russia’s central bank says it had detected “massive” cyber attacks on domestic banks, which successfully defended them, the RIA news agency reports.
Russian media said that state-owned Russian Railways also successfully defended itself from a cyber attack.Russian media said that state-owned Russian Railways also successfully defended itself from a cyber attack.
10.27am BST10.27am BST
10:2710:27
Cobra meeting calledCobra meeting called
Home Secretary Amber Rudd will chair a Cobra meeting in Whitehall at 2.30pm.Home Secretary Amber Rudd will chair a Cobra meeting in Whitehall at 2.30pm.
10.22am BST10.22am BST
10:2210:22
The cyber attack has affected some hospitals, schools and universities in Asia, but the extent of any damage remains unclear.The cyber attack has affected some hospitals, schools and universities in Asia, but the extent of any damage remains unclear.
China’s official news agency, Xinhua, said secondary schools and universities were hit but did not say how many. Sun Yat-sen university said it received a large number of virus complaints on Friday, financial magazine Caixin reported.China’s official news agency, Xinhua, said secondary schools and universities were hit but did not say how many. Sun Yat-sen university said it received a large number of virus complaints on Friday, financial magazine Caixin reported.
William Saito, cyber security adviser to the Japanese cabinet government, said some institutions were affected but did not elaborate.William Saito, cyber security adviser to the Japanese cabinet government, said some institutions were affected but did not elaborate.
South Korea’s Yonhap news agency said a university hospital in Seoul had been hit as well. Two hospitals in Jakarta were hit, according to an Indonesian official.South Korea’s Yonhap news agency said a university hospital in Seoul had been hit as well. Two hospitals in Jakarta were hit, according to an Indonesian official.
9.30am BST9.30am BST
09:3009:30
Amber Rudd admits there is chance not all NHS files are backed upAmber Rudd admits there is chance not all NHS files are backed up
Amber Rudd told BBC Breakfast she could not confirm that all NHS files are backed up. She said:Amber Rudd told BBC Breakfast she could not confirm that all NHS files are backed up. She said:
I hope the answer is yes, that is the instructions that everybody has received in the past. That is good cyber defence, but I expect, and we will find out over the next few days if there are any holes in that.I hope the answer is yes, that is the instructions that everybody has received in the past. That is good cyber defence, but I expect, and we will find out over the next few days if there are any holes in that.
There may be lessons to learn from this but the most important thing now is to disrupt the attack, let’s come back to afterwards whether there are lessons to be learned.There may be lessons to learn from this but the most important thing now is to disrupt the attack, let’s come back to afterwards whether there are lessons to be learned.
Rudd later told Sky News: “It is disappointing that they [the NHS] have been running Windows XP - I know that the secretary of state for health has instructed them not to and most have moved off it.”Rudd later told Sky News: “It is disappointing that they [the NHS] have been running Windows XP - I know that the secretary of state for health has instructed them not to and most have moved off it.”
She added: “Where the patient data has been properly backed up, which has been in most cases, work can continue as normal because the patient data can be downloaded and people can continue with their work.”She added: “Where the patient data has been properly backed up, which has been in most cases, work can continue as normal because the patient data can be downloaded and people can continue with their work.”
Now, if only someone could find that extra £350 million a week they promised for the NHS...Now, if only someone could find that extra £350 million a week they promised for the NHS...
UpdatedUpdated
at 9.36am BSTat 9.36am BST
9.23am BST9.23am BST
09:2309:23
G7 finance ministers turned their focus today to combating cyber crime in what Italy’s Pier Carlo Padoan described as an “unfortunately very timely” discussion, AFP reports.G7 finance ministers turned their focus today to combating cyber crime in what Italy’s Pier Carlo Padoan described as an “unfortunately very timely” discussion, AFP reports.
The ministers from the group of seven wealthy democracies will say that cyber incidents represent a growing threat to their economies and that tackling them should be a priority, Italian officials said.The ministers from the group of seven wealthy democracies will say that cyber incidents represent a growing threat to their economies and that tackling them should be a priority, Italian officials said.
The talks, scheduled before Friday’s events, focused particularly on the potential threat to the global financial system in the event of hackers being able to infiltrate the computer systems that run the global banking system, capital and equity markets.The talks, scheduled before Friday’s events, focused particularly on the potential threat to the global financial system in the event of hackers being able to infiltrate the computer systems that run the global banking system, capital and equity markets.
The ministers, who also discussed inequality, and transnational tax evasion during their two-day review of the world economy, were due to wrap up their talks at lunchtime.The ministers, who also discussed inequality, and transnational tax evasion during their two-day review of the world economy, were due to wrap up their talks at lunchtime.
“We are agreed on many things ... including on the fight against cyber crime which is unfortunately very timely,” Padoan said on his arrival for Sunday’s closing session.“We are agreed on many things ... including on the fight against cyber crime which is unfortunately very timely,” Padoan said on his arrival for Sunday’s closing session.
9.18am BST9.18am BST
09:1809:18
The UK National Cyber Security Centre is sharing advice on how to prevent a ransomware hack and what to do if you’ve been targeted.The UK National Cyber Security Centre is sharing advice on how to prevent a ransomware hack and what to do if you’ve been targeted.
How to prevent a ransomware incident and what to do if your organisation is infected https://t.co/YSmFYATtAK pic.twitter.com/NhdC5fIWWGHow to prevent a ransomware incident and what to do if your organisation is infected https://t.co/YSmFYATtAK pic.twitter.com/NhdC5fIWWG
9.09am BST9.09am BST
09:0909:09
The Scottish government has said it is working closely with health officials following the hack of 11 of Scotland’s 14 NHS health boards.The Scottish government has said it is working closely with health officials following the hack of 11 of Scotland’s 14 NHS health boards.
Scottish health secretary Shona Robison, who chaired a Scottish government resilience meeting earlier this morning, said work to fix the systems had entered a “recovery phase”. She told the BBC’s Good Morning Scotland programme:Scottish health secretary Shona Robison, who chaired a Scottish government resilience meeting earlier this morning, said work to fix the systems had entered a “recovery phase”. She told the BBC’s Good Morning Scotland programme:
People are working very, very hard and have worked through the night. The update I’ve got this morning is that we’re very much into recovery phase now, with a lot of work going on to get systems back up running.People are working very, very hard and have worked through the night. The update I’ve got this morning is that we’re very much into recovery phase now, with a lot of work going on to get systems back up running.
The GP systems, which of course were the main problem across our health boards - work is going on, and there is a level of confidence that many will be back up and running before GP surgeries open on Monday morning.The GP systems, which of course were the main problem across our health boards - work is going on, and there is a level of confidence that many will be back up and running before GP surgeries open on Monday morning.
Robison added that there has been no detection of breach to patient confidentiality “so patients should be reassured by that”.Robison added that there has been no detection of breach to patient confidentiality “so patients should be reassured by that”.
8.58am BST8.58am BST
08:5808:58
NHS trusts unaffected by the hack are taking precautionary measures.NHS trusts unaffected by the hack are taking precautionary measures.
We have not been affected by the #nhscyberattack but have switched off inbound external emails for precaution and will review on Monday.We have not been affected by the #nhscyberattack but have switched off inbound external emails for precaution and will review on Monday.
8.46am BST8.46am BST
08:4608:46
Here’s some more from the home secretary’s media round this morning, in which she’s giving very few details about the investigation into the attack.Here’s some more from the home secretary’s media round this morning, in which she’s giving very few details about the investigation into the attack.
Rudd said the attack “feels random in terms of where it’s gone to and where it’s been opened”, but said the authorities did not yet know where it had originated.Rudd said the attack “feels random in terms of where it’s gone to and where it’s been opened”, but said the authorities did not yet know where it had originated.
She added: “Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can’t download the effective patches and anti-virus software for defending against viruses.She added: “Windows XP is not a good platform for keeping your data as secure as the modern ones, because you can’t download the effective patches and anti-virus software for defending against viruses.
“CQC (Care Quality Commission) does do cyber checks on the NHS trusts, on hospitals when they do their visits, and they will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising.”“CQC (Care Quality Commission) does do cyber checks on the NHS trusts, on hospitals when they do their visits, and they will be advising NHS trusts to move to modernise their platforms and I think that after this experience, I would expect them all to move forward with modernising.”
Rudd said the UK was a world leader in cyber security, adding: “So far, all we have seen is patients inconvenienced, some hospitals, some doctors making changes to their daily life.Rudd said the UK was a world leader in cyber security, adding: “So far, all we have seen is patients inconvenienced, some hospitals, some doctors making changes to their daily life.
“But the fact is no data has yet been accessed and the NHS are brilliantly managing to weave through this disruption.”“But the fact is no data has yet been accessed and the NHS are brilliantly managing to weave through this disruption.”
8.19am BST
08:19
NHS must upgrade software - Amber Rudd
Amber Rudd, the home secretary, has been responding to the attack on BBC Radio 4’s Today programme.
“We are not able to tell you who is behind that attack,” she said. “That work is still ongoing. We don’t know anymore about where it has come from at the moment. We know it has affected up to 100 countries and it wasn’t targeted at the NHS.
“We know from the information we have on the type of virus that it feels random about where it has gone to and where it was opened. It is the type of virus that works particularly effectively between systems that are connected to each other so it is more likely to impact larger organisations than individuals. No patient data has been accessed or transferred in any way, thats the information we’ve been given.”
She added that she expected to see the NHS update its computer systems in the wake of the attack, following reports that the organisation may have been made vulnerable by running outdated Microsoft software.
“I expect NHS trusts to learn from this and make sure they do upgrade,” Rudd said.
8.18am BST
08:18
Microsoft said its decision to make the software patch available to all was “made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind”.
It warned that some of the attacks relied on common phishing tactics and urged customers to be vigilant when opening documents from untrusted or unknown sources.
8.11am BST
08:11
Microsoft has released a solution for all Windows users, regardless of whether they are supported or not. The corporation said it was “painful” to see how businesses and individuals had been affected by the attack.
Microsoft releases #WannaCrypt protection for out-of-support products Windows XP, Windows 8, & Windows Server 2003: https://t.co/ZgINDXAdCj
Updated
at 8.12am BST
7.42am BST
07:42
Summary
If you’re just joining us, here’s what we know so far about Friday’s cyber-attack that has affected countries and organisations across the globe:
A global ransomware attack has hit the UK’s National Health Service hardest, forcing hospitals to cancel operations and divert ambulances and rendering documents such as patient records and x-rays unavailable. The National Cyber Security Centre says teams are “working round the clock” to bring systems back online. NHS Digital and prime minister Theresa May say there is no evidence patient data has been accessed.
Thousands of patients across England and Scotland are stuck in limbo, with parents of newborns unable to take them home. The service will doubtless face a weekend of delays and non-emergency patients have been urged to use health facilities frugally.
A security expert has been hailed an “accidental hero” for his role in halting the spread of the WanaCrypt0r 2.0 bug. The man behind the @MalwareTechBlog Twitter account is reported to have simply paid a few dollars to register a domain name that, once active, performs the role of a “kill switch” that deactivates the malware in its current form.
Tens of thousands of attacks were registered in 99 countries. Russia, Ukraine, India and Taiwan initially appeared to be most hard hit, though details are yet to emerge. Russia said 1,000 computers at its interior ministry were affected.
The malicious software asks for a $300 (£233) ransom per machine to be paid in cryptocurrency Bitcoin to unlock computers. Some payments are reported to have been made.
The bug appears to originate from a malware dump made by a group called Shadow Brokers, which claim to have stolen a cache of “cyber weapons” from the National Security Agency (NSA).
In Spain, megaphone announcements told employees at telecom giant Telefónica to close their workstations immediately while the attack spread.
Scotland reported that 11 health boards and its ambulance service attacked.
Whistleblower Edward Snowden blamed the NSA, saying: “If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened.”
FedEx also announced it was affected and said it was “implementing remediation steps as quickly as possible”.
Read the Guardian’s full report on the attack here:
Updated
at 8.10am BST
7.18am BST
07:18
The security expert credited with halting the spread of the bug – at least in its current iteration – might have quite a busy weekend by the looks of it.
*finishes reading notifications**refreshes page* pic.twitter.com/EHjMpMOU0e
Updated
at 7.22am BST
6.44am BST
06:44
Here is a fuller read on the plight of the NHS as we enter day two of the crisis for the organisation, which appears by far the biggest victim of the cyber-attack.
Patients at hospitals and GP surgeries in England and Scotland will face a weekend of disruption, as delays that began on Friday spill over into the weekend.
The shadow health secretary Jonathan Ashworth urged the government to be “clear about what’s happened”, describing the attack as “terrible news and a real worry for patients”.
5.52am BST
05:52
The notoriously difficult process of tracking down the source of the attack begins.
Ciaran Martin, the head of the UK’s cyber security agency, told the BBC on Friday night: “It’s important to understand that cyber attacks can be different from other forms of crime in that their sometimes highly technical and anonymous nature means it can take some time to understand how it worked, who was behind it and what the impact is.”
IP addresses from our sinkhole have been sent to FBI and ShadowServer so affected organisations should get a notification soon. patch ASAP.
5.48am BST
05:48
The malware researcher who helped curtail the spread of the attack has pointed out that escaping this attack does not necessarily safeguard against further, similar attacks.
So long as the domain isn't revoked, this particular strain will no longer cause harm, but patch your systems ASAP as they will try again.
5.24am BST
05:24
Taiwan’s department of cyber security has said the island’s government agencies and hospital systems appear to be so far unaffected by the attack. Taiwan was prominent on the list of places affected by the WanaCrypt0r 2.0 bug.
However, Howard Jyan, the director general of the government department said there had been no disruption and that Taiwan was ready for any future attacks, adding “We can control the situation.”
Meanwhile, Ross Feingold, a Taiwan-based political analyst who advises on Taiwan and Hong Kong political affairs, said: “As the attack commenced on Friday night Taiwan time, many organisations, whether government or private sector, will only know the true impact on Monday morning when personnel return to work, turn on their computers, and possibly click on malware and/or otherwise discover that the organisation is the victim of ransomware.”
“However, it once again demonstrates that Taiwan’s cyber security, as in other areas of its defences, requires ongoing investment in software, hardware, and personnel training so that they can identify suspicious emails in both Chinese and English.”
Updated
at 5.27am BST
4.46am BST
04:46
This malware tracker from MalwareTech gives a map view of where the ransomware struck across the globe. The timeline underneath shows just how quickly it spread, and the sharp dip coincides presumably with the moment the “accidental hero” registered the domain name that halted the attack for the most part.