The UK’s National Health Service appears to have suffered a major hacking attack. Ransomware, a form of virus that encrypts personal files and then demands payment to decrypt them, appears to have infected computers in hospitals and doctor’s offices across the country.
The full extent of the attack is unknown, but the BBC is reporting that hospitals in London, Blackburn, Nottingham, Cumbria and Hertfordshire have been affected. The NHS uses a national computer system to help administer the service, and it appears that it has been infected, rather than just individual computers.
In a statement, NHS Digital said: “We’re aware that a number of trusts that have reported potential issues to the CareCERT team. We believe it to be ransomware.”
BBC technology reporter Rory Cellan-Jones posted this image on Twitter, showing what a doctor currently sees when trying to log into the system:
Here's what a London GP sees when trying to connect to the NHS network pic.twitter.com/lV8zXarAXS
— Rory Cellan-Jones (@ruskin147) May 12, 2017
Based on the demands for ransom, this would appear to be a hack motivated by money, rather than by a state-sponsored actor, or someone looking for personal information.
Ransomware works by infecting a computer and then encrypting all personal files and documents with an unbreakable encryption. The hacker holds the keys to decrypt the files, and will only give that key up in return for payment, commonly made using Bitcoin. If the victim of the hack has robust backups of their system, ransomware is relatively easy to defeat: any affected computers can be wiped and restored from a backup.
This is not the first time that hackers have targeted medical institutions with ransomware. Last year, a hospital in the US paid hackers around $17,000 to regain access to files. Thanks to the unbreakable nature of the encryption used by ransomware, paying up is often the only option. Even the FBI has previously admitted that the simplest and cheapest solution is often to pay the hackers what they want.