doc

Patients face a weekend of chaos after hospitals and GP surgeries across the country were crippled by a global cyber attack yesterday, forcing them to cancel and delay treatments.

It is feared computers in A&E wards, GP's surgeries and other vital services across the NHS were infected with a virus based on hacking tools developed by US cyber warfare agents.

At least 30 health service organisations in England and Scotland were infiltrated by the malicious software, while many others shut down servers as a precautionary measure, bringing added disruption.

The government and NHS bosses are now facing growing questions about why preventative measures – including upgrading 15-year-old computer equipment – were not taken.

Doctors reported seeing computers go down "one by one" as the "ransomware" took hold on Friday (May 12), locking machines and demanding money to release the data.

The National Cyber Security Centre (NCSC) said teams were "working round the clock" in response to the attack as it was reported up to 99 countries, including the US and Russia, were hit.

Prime Minister Theresa May said the government is not aware of any evidence patient records had been compromised.

"This is not targeted at the NHS,” she added. “It's an international attack and a number of countries and organisations have been affected.”

However, shadow health secretary Jonathan Ashworth said the attack was "terrible news and a real worry for patients" and urged the Government to be "clear about what's happened".

Ross Anderson, professor of security engineering at Cambridge University's computer lab, said the incident is the "sort of thing for which the secretary of state should get roasted in Parliament”.

"If large numbers of NHS organisations failed to act on a critical notice from Microsoft two months ago, then whose fault is that?" Mr Anderson told The Guardian.

As the scale of the security breach became clear on Friday afternoon, ambulances were diverted and patients told to avoid some A&E departments.

Staff reverted to pen and paper and used their own mobiles after key systems were affected, including telephones.

A total of 19 English health organisations reported problems, including hospitals and clinical commissioning groups (CCGs) in London, Blackpool, Hertfordshire and Derbyshire.

Home Secretary Amber Rudd said 45 NHS organisations had been affected, work was ongoing to identify the attackers, and that no patient data had been stolen.

In December it was reported nearly all NHS trusts were using an obsolete version of Windows that Microsoft had stopped providing security updates for in April 2014.

Data acquired by software firm Citrix under Freedom of Information laws suggested 90 per cent of trusts were using Windows XP - then a 15-year-old system.

Got a story? Get in touch at craig.richard@london.newsquest.co.uk