This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates

The article has changed 42 times. There is an RSS feed of changes available.

Version 33 Version 34
Cyber-attack: May says 'no evidence' NHS patient records compromised – live Cyber-attack: May says 'no evidence' NHS patient records compromised – live
(35 minutes later)
3.59pm BST
15:59
Nadia Khomami
The “accidental hero” who halted the global spread of an unprecedented ransomware attack by registering a garbled domain name hidden in the malware has warned the attack could be rebooted.
The ransomware used in Friday’s attack wreaked havoc on organisations including FedEx and Telefonica, as well as the UK’s National Health Service(NHS), where operations were cancelled, X-rays, test results and patient records became unavailable and phones did not work.
But the spread of the attack was brought to a sudden halt when one UK cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and inadvertently activated a “kill switch” in the malicious software.
The researcher, who identified himself only as MalwareTech, is a 22-year old from south-west England who lives with his parents and works for Kryptos logic, an LA-based threat intelligence company.
3.36pm BST
15:36
Sky News political correspondent Beth Rigby tweets that the Cobra meeting, scheduled to start at 230pm, has now concluded.
#COBR #NHSattack meeting over. Attendees included Hunt, Rudd, Treasury minister David Gauke, cab minister Ben Gummer & Lynne Owens of NCA
3.35pm BST
15:35
Many have been asking where health secretary Jeremy Hunt has been amid the computer chaos in the NHS.
He has finally emerged and was spotted earlier this afternoon arriving for the Cobra meeting in Whitehall, as Jon Vale of Press Association tweets.
Jeremy Hunt arrives at Whitehall for today's COBRA meeting after y'day's cyber attacks against the NHS pic.twitter.com/Mze3aviZZS
3.14pm BST3.14pm BST
15:1415:14
Charles ArthurCharles Arthur
Technology commentator Charles Arthur says the Tories are responsible for the sorry state of IT in the NHS:Technology commentator Charles Arthur says the Tories are responsible for the sorry state of IT in the NHS:
Public services aren’t disproportionately targeted by hackers; if anything, they tend to offer less interesting pickings to profit-seeking hackers than smaller commercial outfits. But they constitute low-hanging fruit for ransomware in particular.Public services aren’t disproportionately targeted by hackers; if anything, they tend to offer less interesting pickings to profit-seeking hackers than smaller commercial outfits. But they constitute low-hanging fruit for ransomware in particular.
Amber Rudd can burble as much as she wants, but the £1bn put into the National Cyber Security Centre is a fraction of the amount needed to upgrade the NHS’s IT systems. The next government should acknowledge that fact.”Amber Rudd can burble as much as she wants, but the £1bn put into the National Cyber Security Centre is a fraction of the amount needed to upgrade the NHS’s IT systems. The next government should acknowledge that fact.”
3.05pm BST3.05pm BST
15:0515:05
A Welsh government spokesperson said there had been no incidents in NHS Wales like those affecting NHS systems in England and Scotland.A Welsh government spokesperson said there had been no incidents in NHS Wales like those affecting NHS systems in England and Scotland.
“We have recently invested in upgrading IT to protect potentially vulnerable frontline NHS Wales systems. We have also introduced a national standard for IT security for all GP surgeries in Wales. We continue to monitor the situation closely,” the spokesperson said.“We have recently invested in upgrading IT to protect potentially vulnerable frontline NHS Wales systems. We have also introduced a national standard for IT security for all GP surgeries in Wales. We continue to monitor the situation closely,” the spokesperson said.
2.54pm BST2.54pm BST
14:5414:54
Nadia KhomamiNadia Khomami
The global ransomware cyber-attack that targeted tens of thousands of computers in 100 countries and crippled NHS systems appears to have raised just $20,000 (£15,500) for the criminals behind it, experts working with investigators have told the Guardian.The global ransomware cyber-attack that targeted tens of thousands of computers in 100 countries and crippled NHS systems appears to have raised just $20,000 (£15,500) for the criminals behind it, experts working with investigators have told the Guardian.
Tom Robinson, co-founder of Elliptic, a company that identifies illicit activity involving bitcoin and provides services to most major law enforcement agencies in the US and UK, said that at least three bitcoin addresses have been identified as being associated with the malware used in Friday’s worldwide attack.Tom Robinson, co-founder of Elliptic, a company that identifies illicit activity involving bitcoin and provides services to most major law enforcement agencies in the US and UK, said that at least three bitcoin addresses have been identified as being associated with the malware used in Friday’s worldwide attack.
Read more here:Read more here:
UpdatedUpdated
at 2.57pm BSTat 2.57pm BST
2.24pm BST2.24pm BST
14:2414:24
Rudd responds to Labour accusationsRudd responds to Labour accusations
Labour wrote to the health secretary, Jeremy Hunt, earlier today to demand answers on the impact of the ransomware attack on the NHS. Home secretary Amber Rudd - not Hunt - has now replied to that letter.Labour wrote to the health secretary, Jeremy Hunt, earlier today to demand answers on the impact of the ransomware attack on the NHS. Home secretary Amber Rudd - not Hunt - has now replied to that letter.
“The malicious actions of the cyber criminals behind this attack have caused considerable distress for those patients who have been affected,” she wrote. “There is no evidence that any patient data has been compromised and the NHS has done brilliantly to manage the disruption.”“The malicious actions of the cyber criminals behind this attack have caused considerable distress for those patients who have been affected,” she wrote. “There is no evidence that any patient data has been compromised and the NHS has done brilliantly to manage the disruption.”
“But we must be careful not to characterise this as an attack on our NHS, and it is vital we do not jump to the wrong conclusions. As Europol have said, the scale of this attack is unprecedented and it is affecting a wide range of organisations in almost 100 countries around the globe.“But we must be careful not to characterise this as an attack on our NHS, and it is vital we do not jump to the wrong conclusions. As Europol have said, the scale of this attack is unprecedented and it is affecting a wide range of organisations in almost 100 countries around the globe.
“Today we have learned that Nissan’s plant in Sunderland has been affected, while according to reports others affected around the world include major telecoms firms, utility providers, railways, universities and local authorities.”“Today we have learned that Nissan’s plant in Sunderland has been affected, while according to reports others affected around the world include major telecoms firms, utility providers, railways, universities and local authorities.”
Responding to a suggestion by shadow health secretary Jonathan Ashworth that the government had failed to invest in NHS digital services, Rudd added: “We have doubled investment in cyber security to £1.9 billion and established the National Cyber Security Centre as part of GCHQ to act as a single point of contact for major incidents like this.Responding to a suggestion by shadow health secretary Jonathan Ashworth that the government had failed to invest in NHS digital services, Rudd added: “We have doubled investment in cyber security to £1.9 billion and established the National Cyber Security Centre as part of GCHQ to act as a single point of contact for major incidents like this.
“The NCSC provides guidance to organisations on how to protect themselves from ransomware, and CareCERT was established in 2015 to provide national cyber support services for the health and care system. It is delivered by NHS Digital, working with the NCSC, and since 2015 more than £50 million have been made available to support CareCERT services.”“The NCSC provides guidance to organisations on how to protect themselves from ransomware, and CareCERT was established in 2015 to provide national cyber support services for the health and care system. It is delivered by NHS Digital, working with the NCSC, and since 2015 more than £50 million have been made available to support CareCERT services.”
And in a final swipe against Labour, she said: “Should you have any concerns about the security of the Labour Party’s own systems, GCHQ stand ready to provide a briefing on how best to minimise the risk of a successful attack.”And in a final swipe against Labour, she said: “Should you have any concerns about the security of the Labour Party’s own systems, GCHQ stand ready to provide a briefing on how best to minimise the risk of a successful attack.”
2.03pm BST2.03pm BST
14:0314:03
May says 'no evidence' patient records compromisedMay says 'no evidence' patient records compromised
Theresa May said there is “no evidence that patient records have been compromised” and thanked NHS staff for working overnight.Theresa May said there is “no evidence that patient records have been compromised” and thanked NHS staff for working overnight.
“This cyber attack that has taken place has affected organisations here in the UK but in many countries around the world as well. Europol has said that it is unprecedented in terms of the scale of the cyber attack that has taken place. The National Cyber Security Centre is working with all organisations here in the UK that have been affected and that’s very important,” the prime minister said.“This cyber attack that has taken place has affected organisations here in the UK but in many countries around the world as well. Europol has said that it is unprecedented in terms of the scale of the cyber attack that has taken place. The National Cyber Security Centre is working with all organisations here in the UK that have been affected and that’s very important,” the prime minister said.
“I’d like to thank particularly the NHS staff who have been working through the night to ensure that, as we know, there has been no compromise of patient records.”“I’d like to thank particularly the NHS staff who have been working through the night to ensure that, as we know, there has been no compromise of patient records.”
May also said it was “entirely right” for Amber Rudd to chair a Cobra meeting this afternoon.May also said it was “entirely right” for Amber Rudd to chair a Cobra meeting this afternoon.
“The home secretary has responsibility for these issues but the government is ensuring through our National Cyber Security Centre that we are giving this our full attention and working with all the organisations concerned to resolve it.”“The home secretary has responsibility for these issues but the government is ensuring through our National Cyber Security Centre that we are giving this our full attention and working with all the organisations concerned to resolve it.”
UpdatedUpdated
at 2.08pm BSTat 2.08pm BST
1.46pm BST1.46pm BST
13:4613:46
Kate ConnollyKate Connolly
More from Germany, where the main culprit of the cyber attacks appears to be Deutsche Bahn, the national rail network, whose surveillance technology has been seriously affected.More from Germany, where the main culprit of the cyber attacks appears to be Deutsche Bahn, the national rail network, whose surveillance technology has been seriously affected.
Germany’s federal crime police office the BKA has taken over the criminal investigation to find the culprits, according to interior minister Thomas de Maiziere. He said the attack has caused a “very serious threat” that authorities had repeatedly warned was likely.Germany’s federal crime police office the BKA has taken over the criminal investigation to find the culprits, according to interior minister Thomas de Maiziere. He said the attack has caused a “very serious threat” that authorities had repeatedly warned was likely.
According to a DB spokesman, the attack led to the partial shutting down of digital display boards across the country, as well as the failure of ticket machines at railway stations. Video surveillance technology across the country was also affected, a spokesman for the interior ministry said.According to a DB spokesman, the attack led to the partial shutting down of digital display boards across the country, as well as the failure of ticket machines at railway stations. Video surveillance technology across the country was also affected, a spokesman for the interior ministry said.
According to the interior ministry spokesman, government computer networks remained unaffected by the attack. DB appears to be the only organisation that has been attacked in Germany, but whether it has also been affected by the “WannaCry” trojans is unclear.According to the interior ministry spokesman, government computer networks remained unaffected by the attack. DB appears to be the only organisation that has been attacked in Germany, but whether it has also been affected by the “WannaCry” trojans is unclear.
Across the country, travellers reported that digital arrival and departure information display boards had been disrupted. Instead of the normal information, the empty display boards flashed messages informing passengers: “please refer to timetables”.Across the country, travellers reported that digital arrival and departure information display boards had been disrupted. Instead of the normal information, the empty display boards flashed messages informing passengers: “please refer to timetables”.
The bahn.de website and smartphone app appeared to have been unaffected, a spokesman for DB said. Ticket offices remained opened and rail traffic was apparently unaffected by the attack.The bahn.de website and smartphone app appeared to have been unaffected, a spokesman for DB said. Ticket offices remained opened and rail traffic was apparently unaffected by the attack.
1.20pm BST1.20pm BST
13:2013:20
The UK-based cybersecurity researcher credited with helping to stop the spread of the ransomware attack has written an article - How to Accidentally Stop a Global Cyber Attack - explaining what happened on his MalwareTech blog.The UK-based cybersecurity researcher credited with helping to stop the spread of the ransomware attack has written an article - How to Accidentally Stop a Global Cyber Attack - explaining what happened on his MalwareTech blog.
My blog post is done! Now you can read the full story of yesterday's events here:https://t.co/BLFORfM2udMy blog post is done! Now you can read the full story of yesterday's events here:https://t.co/BLFORfM2ud
You might need a computer science degree to understand some of it though.You might need a computer science degree to understand some of it though.
1.05pm BST1.05pm BST
13:0513:05
The digitalhealth.net site reports that some of the disruption to NHS services has been caused by trusts turning computer systems off as a precautionary measure, rather than them being infected by the ransomware.The digitalhealth.net site reports that some of the disruption to NHS services has been caused by trusts turning computer systems off as a precautionary measure, rather than them being infected by the ransomware.
One leading NHS IT director told Digital Health News: “All of the reports on the BBC [about disruption] are directly related to people having shut down networks, nothing to do with the ransomware itself.One leading NHS IT director told Digital Health News: “All of the reports on the BBC [about disruption] are directly related to people having shut down networks, nothing to do with the ransomware itself.
“I know people have been hit, but I fail to see how disconnecting clinical systems from networks helps anyone. If your clinical system can be attacked by ransomware, there is something seriously wrong with its deployment.”“I know people have been hit, but I fail to see how disconnecting clinical systems from networks helps anyone. If your clinical system can be attacked by ransomware, there is something seriously wrong with its deployment.”
UpdatedUpdated
at 1.07pm BSTat 1.07pm BST
12.48pm BST
12:48
Mikko Hypponen, chief research officer at Helsinki-based cyber security company F-Secure, says the attack is “the biggest ransomware outbreak in history”, affecting 130,000 systems in more than 100 countries.
He says that Russia and India were hit particularly hard, partly because the older Windows XP operating system is still widely used in the countries.
12.35pm BST
12:35
German rail operator Deutsche Bahn said its systems were infected as part of the global cyber attack that has wreaked havoc in almost 100 countries.
Although train services were not disrupted, some arrivals and departures boards at stations had been affected.
Pictures posted online by travellers showed red windows appearing on announcement boards with a message demanding payment to restore access. Deutsche Bahn said it was working to rectify the problem.
German interior minister Thomas de Maiziere said government computer systems were not affected.
12.01pm BST
12:01
Labour leader Jeremy Corbyn has also responded to the attack:
What we’ve now got is a bunch of 21st Century highway robbers that have hacked into our NHS and are basically offering protection money to get the information back in order to treat cancer patients or anybody else. It’s unbelievably disgusting and I’ve got nothing but contempt for those people that have done it, and I’m sure all of you would share that.
But I’m also very angry that in 2014, there was a one-year renewal of the protection system on the NHS systems which was not renewed after that and not renewed the year after that and so are systems are now not upgraded and not protected. As a result, we’ve got this dreadful situation that NHS workers are facing today.
And so we obviously support our NHS workers but I tell you this, a Labour government would not leave our NHS’s very vital information systems unprotected. We would protect them.”
11.55am BST
11:55
Labour said there have been repeated warnings about the vulnerability of the outdated NHS systems, including from the National Cyber Security Centre and the National Crime Agency.
Many had been left “extremely vulnerable” to an attack since 2015, when they continued to use an outdated version of Windows after a security package had been stopped, Jon Ashworth said.
“NHS Trusts have been running thousands of outdated and unsupported Windows XP machines despite the Government ending its annual £5.5m deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015,” the shadow health secretary wrote in his letter to Jeremy Hunt.
“It effectively means that unless individual trusts were willing to pay Microsoft for an extended support deal, since May 2015 their operating systems have been extremely vulnerable to being hacked.”
A freedom of information request in February found that 79 English NHS trusts had suffered ransomware attacks since June 2015, Ashworth said.
11.48am BST
11:48
Labour accuses Hunt over NHS attack
Labour has accused Jeremy Hunt of ignoring “extensive warning signs” before the unprecedented cyber attack that has plunged the NHS into chaos.
Shadow health secretary Jonathan Ashworth said concerns were repeatedly flagged about the NHS’s outdated computer systems, which left it vulnerable to the virus.
In a letter to Hunt on Saturday he wrote: “As Secretary of State, I urge you to publically outline the immediate steps you’ll be taking to significantly improve cyber security in our NHS. The public has a right to know exactly what the Government will do to ensure that such an attack is never repeated again.”
11.42am BST
11:42
Nissan's Sunderland plant affected
The huge Sunderland car factory owned by Nissan has been struck by the cyber attack, halting production at 5pm on Friday.
A Nissan spokesman told Newcastle’s ChronicleLive: “Like many organisations, our UK plant was subject to a ransomware attack affecting some of our systems on Friday evening. Our teams are working to resolve the issue.”
Updated
at 11.44am BST
11.37am BST
11:37
It’s worth remembering that back in February 2016 a Californian hospital paid $17,000 in bitcoin after hackers installed a virus on its computer systems that encrypted their computer files.
Hollywood Presbyterian Medical Center lost access to its computer systems on 5 February. Almost two weeks later the hospital said it had paid up to regain access to its data.
The move was one of the most high-profile examples of a hacking victim paying the fee for so-called ransomware.
11.23am BST
11:23
BBC technology correspondent Rory Cellan-Jones tweets:
Love the fact that the hero who stopped the ransomware spreading regards it as almost accidental! https://t.co/fqlnhBXYTq
I will confess that I was unaware registering the domain would stop the malware until after i registered it, so initially it was accidental.
Updated
at 11.24am BST
11.11am BST
11:11
French carmaker Renault is the first French firm to be hit by the global cyberattack, management said on Saturday.
“Work is going on since last night. We are doing what is needed to counter this attack,” a spokesperson said.
“The problems were mainly related to France, where some of Renault’s factories also faced a malfunctioning of certain parts of its information system,” she added.
The attack has also halted production at Renault’s Revoz subsidiary in Slovenia after computer systems were hit.
Updated
at 11.22am BST
11.03am BST
11:03
The Guardian’s Samuel Gibbs reported in May 2015 that the Government Digital Service had decided not to continue its £5.5m deal with Microsoft to extend support for Windows XP. That decision left government computers still running on the obsolete operating system at risk from hackers and may be one reason why some NHS trusts fell victim to the attack on Friday.
The service said ending the support meant “weaknesses that are found in unsupported products will remain unpatched and will be exploitable by relatively low-skilled attackers”.
Microsoft withdrew its extended support programme for Windows XP, its 14-year-old operating system, in April 2014. Given the number of Windows XP PCs still being used in government and businesses at the time, Microsoft provided paid-for extended support on a one-off basis.
Updated
at 11.04am BST