We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.


Widespread Ransomware Attack Hits U.K. Hospitals

The National Health Service has found data on many of its computers locked up by hackers and may have little choice but to capitulate to demands for cash.

Many hospitals around the U.K. have been hit by ransomware, facing them with demands to pay hackers to unlock their data.

The Guardian reports that a number of National Health Service hospitals around England were hit on Friday. The attacks encrypt the data on a computer or network, then lock access until a user has paid a ransom, usually in Bitcoin. Speaking to the newspaper, an IT worker at the NHS reported:

“At approximately 12.30pm we experienced a problem with our email servers crashing. Following this a lot of our clinical systems and patient systems were reported to have gone down. A bitcoin virus pop-up message had been introduced onto the network asking users to pay $300 to be able to access their PCs. You cannot get past this screen.”

It’s not clear yet how widespread the hack is, but the Guardian names at least six hospital trusts that have been affected, many of which operate multiple hospitals. Some of those that are affected have been diverting emergency patients to ensure their safety.

It’s by no means the first time hospitals have been targeted by hackers. But these kinds of attacks are particularly troubling because of the way they lock up data using encryption that can’t easily be broken. While problematic when they’re leveled at, say, public transit infrastructure, they’re downright dangerous when targeted at hospitals, because they lock away patient data that could make the difference between life and death.

Keith Martin, who runs the Information Security Group at Royal Holloway, University of London, tells MIT Technology Review that in theory an organization such as the NHS would be able to recover from such an attack by restoring its systems from backups. “However, this could take quite a while, maybe even days, so the interruption could be significant,” he adds.

That also assumes that the organization takes cybersecurity seriously. Martin says that he “would hope that the NHS falls very much into the 'cybersecurity aware' category,” adding that “an organization being less careful about cybersecurity could be in real trouble. Either they take a data loss hit, or they stump up the money.”

Sadly, the NHS doesn’t have a wonderful track record for prizing its cybersecurity. An analysis based on Freedom of Information requests published late last year, for instance, revealed that 90 percent of NHS trusts continue to use Windows XP—an operating system no longer supported by Microsoft, and therefore no longer provided with with security updates.

As a result, affected hospitals may have little choice but to capitulate to the demands of the hackers—as Hollywood Presbyterian Medical Center in Los Angeles was forced to do last year. According to Patrick O’Neill, a reporter at CyberScoop, that appears to be happening already with the NHS. He claims to be watching the Bitcoin wallet that hackers have asked for funds to be deposited into, and he says that several payments have been made so far.

(Read more: Guardian, Inquirer, “With Hospital Ransomware Infections, the Patients Are at Risk,” “Hackers Are Homing In on Hospitals,” “Hospital Forced Back to Pre-Computer Era Shows the Power of Ransomware”)

Keep up with the latest in Security at Business of Blockchain 2019.

May 2, 2019
Cambridge, MA

Register now
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivery each weekday to your inbox

    The MIT Technology Review App

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.