NHS hack: What is ransomware, was this nightmare cyber attack 'inevitable' and do I need to worry?

The sensitivity and importance of the NHS’s data makes it a perfect target for such an attack

Andrew Griffin
Friday 12 May 2017 15:59 BST

Hospitals across England have been hit by a devastating cyber attack: the NHS’s nightmare scenario might just have come true.

The hack has left patients being diverted and doctors working with paper and pen, after many of the NHS’s systems went down.

It is is a horrifying and surprising event. But it is one that the NHS and other organisations have been warned about for years – and a signal of a trend that may grow from here.

The specific problem is a piece of ransomware. That does what it sounds: takes data and only gives it back if the person, people or company affected pay money.

The “ransom” is usually paid in the form of bitcoin to an unknown address, at which point the files are unlocked. But if it isn’t paid, the price will increase – and, eventually, the files will be deleted.

It works by installing a piece of malicious software that encrypts all of the files so that they can only be unlocked with a specific password. It’s that password that people are paying for.

Why has the NHS been attacked?

The NHS is a perfect combination of sensitive data and insecure storage. And there’s very little they can do about it.

The data at the heart of the cyber attack includes people’s most personal information – like their medical histories. And it can be necessary to keep them alive.

That means that such an attack can’t simply be dismissed, like it might be on a personal computer. There’s no way that the NHS can simply wipe its systems and start again.

And the huge scale of the NHS and its digital systems – which it has struggled to update for the modern age – makes it very easy to attack.

Only this week, the British Medical Journal warned that hospitals need to prepare better to “avoid shutdowns”. “We should be prepared: more hospitals will almost certainly be shut down by ransomware this year,” wrote Krishna Chinthapalli, a neurology registrar, in the conclusion of the article.

Shouldn’t they have known this was going to happen?

Yes – and they did. There have been numerous warnings to healthcare companies and institutions like the NHS that they were ripe for such an attack, and should protect themselves against it.

But knowing about it is vastly different to actually keeping it out. All any attack needs is one person to open a bad file – if that file is good at its job, then it can easily infect the rest of a network.

IT experts can mitigate against that – and do. But all it needs is one piece of malicious software to make it through, which appears to have happened to the NHS.

Do I need to worry?

For now, there is no indication that patient files or any other data has actually been accessed. It may still have been – but that isn’t usually the way that such ransomware attacks work.

That doesn’t mean that your files won’t be part of the attack. But it does mean that rather than being spread or sold on the internet, they are being encrypted and locked down.

If you are worried, you should keep following the news from your local trust. Hospitals are being very communicative about what’s going on – and will inform anyone who is caught up in any attack to that fact.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in