This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates
The article has changed 42 times. There is an RSS feed of changes available.
Previous version
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
Next version
| Version 8 | Version 9 |
|---|---|
| Cyber-attack hits 74 countries with UK hospitals among targets – live updates | Cyber-attack hits 74 countries with UK hospitals among targets – live updates |
| (35 minutes later) | |
| 11.58pm BST | |
| 23:58 | |
| The National Cyber Security Centre’s CEO Ciaran Martin has issued a new statement on the ransomware attack. | |
| Martin said the NCSC is “working round the clock” with UK, international, and private sector partners to respond to the attack, and reiterated that there is no evidence that NHS patient data has been stolen. | |
| “We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.” | |
| The NCSC’s guidance for protecting yourself from ransomware can be found here. | |
| 11.35pm BST | |
| 23:35 | |
| The Russian interior ministry said earlier today that about 1,000 computers of its computers had been affected. The country’s largest bank, Sberbank, was also targeted, according to the Associated Press, but said that it had successfully repelled the attack. | |
| Russia was hit early and hard by the attack, which could be a sign that the attacks originated in that country, according to Markus Jakobsson, chief scientist with security firm Agari. | |
| Since the malware spreads by email, he told the Guardian, it’s possible that the criminals had access to a large database of Russian email addresses. | |
| However, Jakobsson warned that the origin of the attack remains unconfirmed. | |
| 10.59pm BST | 10.59pm BST |
| 22:59 | 22:59 |
| Scotland: 11 health boards and ambulance service attacked | Scotland: 11 health boards and ambulance service attacked |
| Eleven of Scotland’s 14 geographical health boards and its ambulance service have been affected by the global cyberattack, according to the Press Association. | Eleven of Scotland’s 14 geographical health boards and its ambulance service have been affected by the global cyberattack, according to the Press Association. |
| “I have convened a Scottish Government resilience meeting to ensure that we are closely monitoring the situation,” first minister Nicola Sturgeon said. “All necessary steps are being taken to ensure that the cause and nature of this attack is identified. There is no evidence that patient data has been compromised.” | “I have convened a Scottish Government resilience meeting to ensure that we are closely monitoring the situation,” first minister Nicola Sturgeon said. “All necessary steps are being taken to ensure that the cause and nature of this attack is identified. There is no evidence that patient data has been compromised.” |
| The impacted health boards are NHS Borders, Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, Western Isles, Highlands, Grampian, Ayrshire and Arran, and the Scottish Ambulance Service. | The impacted health boards are NHS Borders, Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, Western Isles, Highlands, Grampian, Ayrshire and Arran, and the Scottish Ambulance Service. |
| 10.44pm BST | 10.44pm BST |
| 22:44 | 22:44 |
| Ransomware attacks have been on the rise around the globe, and hospitals are particularly vulnerable, thanks to outdated IT systems and increasing reliance on electronic health records. | Ransomware attacks have been on the rise around the globe, and hospitals are particularly vulnerable, thanks to outdated IT systems and increasing reliance on electronic health records. |
| The BBC reported in April that the NHS hospital trusts in England saw 55 cyber attacks in 2016. | The BBC reported in April that the NHS hospital trusts in England saw 55 cyber attacks in 2016. |
| Last year, a hospital in Los Angeles was infected with ransomware. Doctors and nurses resorted to using paper charts and fax machines for days before the hospital paid $17,000 in bitcoin to the ransomware hackers. | Last year, a hospital in Los Angeles was infected with ransomware. Doctors and nurses resorted to using paper charts and fax machines for days before the hospital paid $17,000 in bitcoin to the ransomware hackers. |
| “The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences,” Mike Viscuso, chief techology officer of security firm Carbon Black, told the Guardian. “When patients’ lives are at stake, there is no time for finger pointing but this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked.” | “The attack against the NHS demonstrates that cyber-attacks can quite literally have life and death consequences,” Mike Viscuso, chief techology officer of security firm Carbon Black, told the Guardian. “When patients’ lives are at stake, there is no time for finger pointing but this attack serves as an additional clarion call that healthcare organizations must make cybersecurity a priority, lest they encounter a scenario where lives are risked.” |
| 10.17pm BST | 10.17pm BST |
| 22:17 | 22:17 |
| Global courier company FedEx has been infected by the ransomware. | Global courier company FedEx has been infected by the ransomware. |
| “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” a spokesperson said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.” | “Like many other companies, FedEx is experiencing interference with some of our Windows-based systems caused by malware,” a spokesperson said in a statement. “We are implementing remediation steps as quickly as possible. We regret any inconvenience to our customers.” |
| 10.14pm BST | 10.14pm BST |
| 22:14 | 22:14 |
| The WannaCry ransomware has now spread to 99 countries, according to security firm Avast. | The WannaCry ransomware has now spread to 99 countries, according to security firm Avast. |
| 9.56pm BST | 9.56pm BST |
| 21:56 | 21:56 |
| The suspected origin of the ransomware in a vulnerability known to the US’s National Security Agency is already leading to finger-pointing by some critics. | The suspected origin of the ransomware in a vulnerability known to the US’s National Security Agency is already leading to finger-pointing by some critics. |
| Experts believe that WannaCry works by taking advantage of a flaw in Windows that the NSA knew about but kept secret. Intelligence agencies keep a stockpile of such vulnerabilities and use them to carry out intelligence gathering or engage in cyberwarfare. | Experts believe that WannaCry works by taking advantage of a flaw in Windows that the NSA knew about but kept secret. Intelligence agencies keep a stockpile of such vulnerabilities and use them to carry out intelligence gathering or engage in cyberwarfare. |
| This particular vulnerability was publicly disclosed by a group calling itself Shadow Brokers, which claimed to have stolen it from the NSA. Once the flaw was public, Microsoft issued a fix, but many users and institutions are slow to install security updates. | This particular vulnerability was publicly disclosed by a group calling itself Shadow Brokers, which claimed to have stolen it from the NSA. Once the flaw was public, Microsoft issued a fix, but many users and institutions are slow to install security updates. |
| Edward Snowden articulated the critique of the NSA’s role in the attack on Twitter. | Edward Snowden articulated the critique of the NSA’s role in the attack on Twitter. |
| If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3 | If @NSAGov had privately disclosed the flaw used to attack hospitals when they *found* it, not when they lost it, this may not have happened https://t.co/lhApAqB5j3 |
| 9.43pm BST | 9.43pm BST |
| 21:43 | 21:43 |
| Kaspersky Lab, a cybersecurity company based in Moscow, has published a blogpost in which it estimates that 45,000 attacks have been carried out in 74 countries, mostly in Russia. It added that the totals could be “much, much higher”. You can read the full analysis here. | Kaspersky Lab, a cybersecurity company based in Moscow, has published a blogpost in which it estimates that 45,000 attacks have been carried out in 74 countries, mostly in Russia. It added that the totals could be “much, much higher”. You can read the full analysis here. |
| Julia Wong in San Francisco will now be taking over the liveblog. | Julia Wong in San Francisco will now be taking over the liveblog. |
| Updated | Updated |
| at 9.46pm BST | at 9.46pm BST |
| 9.38pm BST | 9.38pm BST |
| 21:38 | 21:38 |
| NHS staff and patients have been getting in touch with us. | NHS staff and patients have been getting in touch with us. |
| One NHS junior doctor at a London hospital, who wishes to remain anonymous, said they were unable to look after patients properly: | One NHS junior doctor at a London hospital, who wishes to remain anonymous, said they were unable to look after patients properly: |
| However much they pretend patient safety is unaffected - it’s not true. At my hospital we are literally unable to do any X-rays, which are an essential component of emergency medicine. | However much they pretend patient safety is unaffected - it’s not true. At my hospital we are literally unable to do any X-rays, which are an essential component of emergency medicine. |
| It’s a good hospital in many ways but the IT is appalling ... This is the 3rd or 4th time there has been major computer downtime since I started at my current hospital, 8 months ago. I know the staff will do their very best to keep looking after everyone, but there are no robust systems in place to deal with blackouts like this - information sharing is hard enough in a clinical environment when everything works. | It’s a good hospital in many ways but the IT is appalling ... This is the 3rd or 4th time there has been major computer downtime since I started at my current hospital, 8 months ago. I know the staff will do their very best to keep looking after everyone, but there are no robust systems in place to deal with blackouts like this - information sharing is hard enough in a clinical environment when everything works. |
| Without the IT systems I suspect test results will be missed, and definitely delayed. Handovers are much more difficult. It will, absolutely certainly, impact patient safety negatively, even if that impact can’t be clearly measured. | Without the IT systems I suspect test results will be missed, and definitely delayed. Handovers are much more difficult. It will, absolutely certainly, impact patient safety negatively, even if that impact can’t be clearly measured. |
| Updated | Updated |
| at 9.38pm BST | at 9.38pm BST |
| 9.11pm BST | 9.11pm BST |
| 21:11 | 21:11 |
| Hacking tool was probably stolen from NSA, expert says | Hacking tool was probably stolen from NSA, expert says |
| A little more detail on how the attack on may have come about: According to Prof Alan Woodward, a security expert at Surrey University, it resembles an exploit of “EternalBlue” - the name given to a weakness in Microsoft’s security that is thought to have been identified secretly by the US National Security Agency (NSA). | A little more detail on how the attack on may have come about: According to Prof Alan Woodward, a security expert at Surrey University, it resembles an exploit of “EternalBlue” - the name given to a weakness in Microsoft’s security that is thought to have been identified secretly by the US National Security Agency (NSA). |
| A hacking group calling itself Shadow Brokers claimed to have stolen information about the vulnerability from the NSA last year, as part of a cache of files. It tried to auction them off but, after no one made a satisfactory bid, reportedly dumped them online for free. Microsoft released a fix and some researchers have suggested that a failure to implement it may have exacerbated the problem. He told the Guardian: | A hacking group calling itself Shadow Brokers claimed to have stolen information about the vulnerability from the NSA last year, as part of a cache of files. It tried to auction them off but, after no one made a satisfactory bid, reportedly dumped them online for free. Microsoft released a fix and some researchers have suggested that a failure to implement it may have exacerbated the problem. He told the Guardian: |
| From the analysis that has been done, it looks like it is the ‘EternalBlue’ weakness that has been exploited because it is using the same ports and protocols. We don’t know publicly if it is the NSA (that found the vulnerability) but it is widely assumed it is and that is what Shadow Brokers said. | From the analysis that has been done, it looks like it is the ‘EternalBlue’ weakness that has been exploited because it is using the same ports and protocols. We don’t know publicly if it is the NSA (that found the vulnerability) but it is widely assumed it is and that is what Shadow Brokers said. |
| Updated | Updated |
| at 9.15pm BST | at 9.15pm BST |
| 8.34pm BST | 8.34pm BST |
| 20:34 | 20:34 |
| More than half of Scotland’s health boards have been affected by the large-scale cyber-attack on NHS computer systems. GP surgeries and dental surgeries were among some of the locations hit by the ransomware attack on IT networks, the Press Association reports. | More than half of Scotland’s health boards have been affected by the large-scale cyber-attack on NHS computer systems. GP surgeries and dental surgeries were among some of the locations hit by the ransomware attack on IT networks, the Press Association reports. |
| NHS Lanarkshire said only those patients requiring emergency treatment should attend hospital while they dealt with the issue on Friday. | NHS Lanarkshire said only those patients requiring emergency treatment should attend hospital while they dealt with the issue on Friday. |
| Scotland’s biggest health board, NHS Greater Glasgow and Clyde, as well as NHS Tayside, NHS Dumfries and Galloway and NHS Forth Valley confirmed that some of their GP surgeries had been caught up in the incident. | Scotland’s biggest health board, NHS Greater Glasgow and Clyde, as well as NHS Tayside, NHS Dumfries and Galloway and NHS Forth Valley confirmed that some of their GP surgeries had been caught up in the incident. |
| NHS Western Isles, NHS Fife and NHS Borders said they have been affected to some extent. It means that at least eight of Scotland’s 14 health boards have reported some level of disruption as a result of the attack. | NHS Western Isles, NHS Fife and NHS Borders said they have been affected to some extent. It means that at least eight of Scotland’s 14 health boards have reported some level of disruption as a result of the attack. |
| There is no evidence that patient data has been compromised. | There is no evidence that patient data has been compromised. |
| Updated | Updated |
| at 9.16pm BST | at 9.16pm BST |
| 7.50pm BST | 7.50pm BST |
| 19:50 | 19:50 |
| The Agence France-Presse news agency reports that, in Spain, employees at the telecom giant Telefónica were told to shut down their workstations immediately through megaphone announcements as the attack spread. | The Agence France-Presse news agency reports that, in Spain, employees at the telecom giant Telefónica were told to shut down their workstations immediately through megaphone announcements as the attack spread. |
| Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly 5m emails per hour was spreading the ransomware. | Forcepoint Security Labs said that “a major malicious email campaign” consisting of nearly 5m emails per hour was spreading the ransomware. |
| The group said in a statement that the attack had “global scope”, affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico. | The group said in a statement that the attack had “global scope”, affecting organisations in Australia, Belgium, France, Germany, Italy and Mexico. |
| Updated | Updated |
| at 8.14pm BST | at 8.14pm BST |
| 7.44pm BST | 7.44pm BST |
| 19:44 | 19:44 |
| Some more quotes from the prime minister. She has told reporters: | Some more quotes from the prime minister. She has told reporters: |
| I think what is important is that we have recognised that increasingly we need to be aware of the need to address cyber security issues, that’s why the National Cyber Security Centre has been set up. It is now able to work with the NHS to support the organisations concerned and to ensure that patient safety is protected. | I think what is important is that we have recognised that increasingly we need to be aware of the need to address cyber security issues, that’s why the National Cyber Security Centre has been set up. It is now able to work with the NHS to support the organisations concerned and to ensure that patient safety is protected. |
| 7.36pm BST | 7.36pm BST |
| 19:36 | 19:36 |
| After the prime minister said she was “not aware of any evidence that patient data has been compromised”, Ross Anderson, a professor of security engineering at Cambridge university, advises caution. | After the prime minister said she was “not aware of any evidence that patient data has been compromised”, Ross Anderson, a professor of security engineering at Cambridge university, advises caution. |
| The NHS are saying that patient privacy hasn’t been compromised, but if significant numbers of hospitals have been negligently running unpatched computers for two months after the patch came out, how do they know? | The NHS are saying that patient privacy hasn’t been compromised, but if significant numbers of hospitals have been negligently running unpatched computers for two months after the patch came out, how do they know? |