More ransomware cases may come to light on Monday, possibly on “a significant scale”, the UK’s cyber-security agency has warned after a global cyber-attack.
The National Cyber Security Centre has advised firms how to protect computers as they start the working week.
It comes after Friday’s attack caused disruption in 150 countries. In the UK, NHS hospitals, pharmacies and GP surgeries were the worst-affected.
A handful of trusts are still dealing with problems caused by the hack.
In a statement, the National Cyber Security Centre said a ransomware attack of this type and on this scale could happen again although there is “no specific evidence” as yet.
It said it knew of attempts to attack organisations other than the NHS, and warned more cases could “come to light” in the UK and elsewhere as the new working week begins.
Ransomware attacks are “some of the most immediately damaging forms of cyber-attack”, it said, and advised companies to:
- Keep your organisation’s security software patches up to date
- Use proper anti-virus software services
- Back up the data that matters to you, because you can’t be held to ransom for data you hold somewhere else
The NHS, Fedex and the main telecoms operator in Spain were among 200,000 known victims – organisations and private individuals – of Friday’s global cyber-attack.
The ransomware, which locked users’ files and demanded payment to allow access, spread to 150 countries, including Spain, Russia, the US and China.
In England, 47 trusts reported problems at hospitals, GP surgeries or pharmacies and 13 NHS organisations in Scotland were also affected.
Some hospitals were forced to cancel treatment and appointments and, unable to use computers, many doctors resorted to using pen and paper.
The cost of the attack is unknown, in the UK or beyond, but BBC analysis of three accounts linked to the ransom demands suggest hackers have already been paid the equivalent of £22,080.
What can patients expect?
Advice as of Sunday evening:
- St Bartholomew’s in London – IT disruption ongoing. Planned surgery and outpatient appointments will be reduced on Monday at the trust’s five hospitals – the Royal London, Newham, Whipps Cross, Mile End and St Bartholomew’s. Patients should attend booked appointments on Monday unless their hospital contacts them to say otherwise
- East and North Hertfordshire Trust – Patients should assume their appointment is going ahead unless they hear otherwise. Neither Lister Hospital nor the New QE2 are doing non-urgent blood tests
- James Paget University Hospitals Trust, Norfolk – All clinical and surgical appointments this weekend have been cancelled. Patients with appointments on Monday and Tuesday are being advised to attend unless they hear from their hospital. A&E wait times are longer than usual
- Southport and Ormskirk Hospital NHS Trust – Problems continuing with IT systems. Patients scheduled for surgery on Monday are being told not to attend unless they are contacted. All outpatient and endoscopy appointments for Monday are cancelled
- Lincolnshire Hospitals NHS Trust – Outpatient appointments, diagnostic tests and routine operations are cancelled on Monday
- York Teaching Hospitals NHS Trust – Services are “almost back to normal” albeit a little slower so patients can assume their appointments on Monday will go ahead
What are the political parties saying?
The government is insisting that the NHS had been repeatedly warned about the cyber-threat to their IT systems.
Defence Secretary Michael Fallon said £50m of £1.9bn set aside for UK cyber-protection was being spent on NHS cyber systems to improve their security.
But Labour say the Conservatives have cut funding to the NHS’s IT budget and specifically a contract to protect computer systems was not renewed after 2015.
The Liberal Democrats and Labour have both demanded an inquiry into the cyber-attack.
In an interview on BBC One’s Andrew Marr show, Sir Michael said NHS trusts had been encouraged to “reduce their exposure to the weakest system, the Windows XP”, with fewer than 5% of trusts using it now.
“We want them to use modern systems that are better protected. We warned them, and they were warned again in the spring. They were warned again of the threats,” he added.
Shadow health secretary Jonathan Ashworth has written to Health Secretary Jeremy Hunt to ask why concerns repeatedly flagged up about the NHS’s “outdated, unsupported and vulnerable” machines had not been addressed.
On ITV’s Robert Peston, Mr Ashworth accused the government of having “cut the IT and infrastructure budget” by £1bn in the NHS, and said his party, if elected to power, would put £10bn into the infrastructure of the NHS.
He called for the Conservatives to publish the Department of Health’s risk register to see how seriously they were taking IT threats.
Please include a contact number if you are willing to speak to a BBC journalist. You can also contact us in the following ways: