Skip to main content

Main menu

  • Home
  • COVID-19
    • Articles & podcasts
    • Blog posts
    • Collection
    • News
  • Content
    • Current issue
    • Past issues
    • Early releases
    • Collections
    • Sections
    • Blog
    • Infographics & illustrations
    • Podcasts
    • Classified ads
  • Authors
    • Overview for authors
    • Submission guidelines
    • Submit a manuscript
    • Forms
    • Editorial process
    • Editorial policies
    • Peer review process
    • Publication fees
    • Reprint requests
  • CMA Members
    • Overview for members
    • Earn CPD Credits
    • Print copies of CMAJ
    • Career Ad Discount
  • Subscribers
    • General information
    • View prices
  • Alerts
    • Email alerts
    • RSS
  • JAMC
    • À propos
    • Numéro en cours
    • Archives
    • Sections
    • Abonnement
    • Alertes
    • Trousse média 2021
  • CMAJ JOURNALS
    • CMAJ Open
    • CJS
    • JAMC
    • JPN

User menu

Search

  • Advanced search
CMAJ
  • CMAJ JOURNALS
    • CMAJ Open
    • CJS
    • JAMC
    • JPN
CMAJ

Advanced Search

  • Home
  • COVID-19
    • Articles & podcasts
    • Blog posts
    • Collection
    • News
  • Content
    • Current issue
    • Past issues
    • Early releases
    • Collections
    • Sections
    • Blog
    • Infographics & illustrations
    • Podcasts
    • Classified ads
  • Authors
    • Overview for authors
    • Submission guidelines
    • Submit a manuscript
    • Forms
    • Editorial process
    • Editorial policies
    • Peer review process
    • Publication fees
    • Reprint requests
  • CMA Members
    • Overview for members
    • Earn CPD Credits
    • Print copies of CMAJ
    • Career Ad Discount
  • Subscribers
    • General information
    • View prices
  • Alerts
    • Email alerts
    • RSS
  • JAMC
    • À propos
    • Numéro en cours
    • Archives
    • Sections
    • Abonnement
    • Alertes
    • Trousse média 2021
  • Visit CMAJ on Facebook
  • Follow CMAJ on Twitter
  • Follow CMAJ on Pinterest
  • Follow CMAJ on Youtube
  • Follow CMAJ on Instagram
News

NHS ransomware attack spreads worldwide

Roger Collier
CMAJ June 05, 2017 189 (22) E786-E787; DOI: https://doi.org/10.1503/cmaj.1095434
Roger Collier
CMAJ
  • Find this author on Google Scholar
  • Find this author on PubMed
  • Search for this author on this site
  • Article
  • Figures & Tables
  • Responses
  • Metrics
  • PDF
Loading

A cyber-attack that affected more than 60 trusts within the United Kingdom’s National Health Service (NHS) has spread to more than 200 000 computer systems in 150 countries, including Canada. One hospital in Ontario — Lakeridge Health in Oshawa — reported that its computer system was threatened by the ransomware. The hospital’s antivirus software contained the threat, however, and patient care and access to health records were not affected.

Hospitals and general practitioners’ offices in the UK were not as fortunate, however. On May 12, the “WannaCry” ransomware began affecting dozens of NHS facilities. Eventually, more than 60 NHS trusts were hit. Many facilities could not access patient records, which led to delays of non-urgent surgeries and cancelled patient appointments. Some hospitals had to divert ambulances to other facilities.

According to UK Health Secretary Jeremy Hunt, there has not been a second wave of attacks, and 80% of the NHS was unaffected. About 16 NHS trusts, however, were still affected on May 15. Patients have been advised to show up for appointments unless instructed otherwise.

Some commentators have been swift to blame the NHS for failing to invest in technology that could have prevented the attack. Although the NHS does not appear to have been specifically targeted by whoever is behind the WannaCry ransomware, it was vulnerable to attack because some of its Windows operating systems are more than 15 years old and were no longer updated or supported by Microsoft.

Figure1

Cyber attack on UK hospitals causes delayed surgeries and cancelled appointments.

Image courtesy of kaptnali/iStock

According to cyber-crime expert Charles Arthur, most NHS trusts spend a “paltry” amount each year on securing their computing systems, and some spend nothing at all. “All that made the events of the past few days a disaster waiting to happen,” Arthur wrote in The Guardian, further suggesting that part of the problem is that nobody, even those inside the NHS, will acknowledge the extent of their security issues.

Though this attack was the largest, many NHS facilities have been threatened by ransomware in recent years. According to Arthur, who is writing a book on hacking incidents like the WannaCry virus, 88 of the NHS’ 260 trusts were hit by ransomware between mid-2015 and the end of 2016.

Since hitting the NHS on May 12, the WannaCry ransomware has spread rapidly, affecting many businesses around the world, including the shipping company FedEx. The virus is downloaded to a computer when a user clicks a link in an email or opens an attachment. Files on the computer are then encrypted and can only be unlocked if the user pays a ransom.

The party behind the WannaCry virus demanded US$300 in bitcoin to unlock each affected computer, with a doubling of the charge after three days, and the threat of all data being lost if payment was not received within a week. Cyber-crime experts warn against making such payments, saying there are no guarantees that users will regain access to their data if they pay up.

Nobody yet knows who is behind the attack. Some pointed fingers at Russia, but Russian President Vladimir Putin has denied any involvement. The technology required to create the virus appears to have been stolen by hackers from the United States National Security Agency. The spread of the virus was slowed, but not stopped, by the work of Marcus Hutchins, a 22-year-old self-taught cyber-security expert, who discovered a “kill switch” inside the virus.

PreviousNext
Back to top

In this issue

Canadian Medical Association Journal: 189 (22)
CMAJ
Vol. 189, Issue 22
5 Jun 2017
  • Table of Contents
  • Index by author

Article tools

Print
Download PDF
Article Alerts
To sign up for email alerts or to access your current email alerts, enter your email address below:
Email Article

Thank you for your interest in spreading the word on CMAJ.

NOTE: We only request your email address so that the person you are recommending the page to knows that you wanted them to see it, and that it is not junk mail. We do not capture any email address.

Enter multiple addresses on separate lines or separate them with commas.
NHS ransomware attack spreads worldwide
(Your Name) has sent you a message from CMAJ
(Your Name) thought you would like to see the CMAJ web site.
CAPTCHA
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.
Citation Tools
NHS ransomware attack spreads worldwide
Roger Collier
CMAJ Jun 2017, 189 (22) E786-E787; DOI: 10.1503/cmaj.1095434

Citation Manager Formats

  • BibTeX
  • Bookends
  • EasyBib
  • EndNote (tagged)
  • EndNote 8 (xml)
  • Medlars
  • Mendeley
  • Papers
  • RefWorks Tagged
  • Ref Manager
  • RIS
  • Zotero
‍ Request Permissions
Share
NHS ransomware attack spreads worldwide
Roger Collier
CMAJ Jun 2017, 189 (22) E786-E787; DOI: 10.1503/cmaj.1095434
Digg logo Reddit logo Twitter logo Facebook logo Google logo Mendeley logo
  • Tweet Widget
  • Facebook Like
  • Google Plus One

Jump to section

  • Article
  • Figures & Tables
  • Responses
  • Metrics
  • PDF

Related Articles

  • No related articles found.
  • PubMed
  • Google Scholar

Cited By...

  • No citing articles found.
  • Google Scholar

More in this TOC Section

  • Unpacking “long COVID”
  • Canada’s long road to a vaccine injury compensation program
  • Health advocates want help handling online harassment
Show more News

Similar Articles

Content

  • Current issue
  • Past issues
  • Collections
  • Sections
  • Blog
  • Podcasts
  • Alerts
  • RSS
  • Early releases

Information for

  • Advertisers
  • Authors
  • Reviewers
  • CMA Members
  • Media
  • Reprint requests
  • Subscribers

About

  • General Information
  • Journal staff
  • Editorial Board
  • Governance Council
  • Journal Oversight
  • Careers
  • Contact
  • Copyright and Permissions

Copyright 2021, Joule Inc. or its licensors. All rights reserved. ISSN 1488-2329 (e) 0820-3946 (p)

All editorial matter in CMAJ represents the opinions of the authors and not necessarily those of the Canadian Medical Association or its subsidiaries.

To receive any of the resources on this site in an accessible format, please contact us at cmajgroup@cmaj.ca.

Powered by HighWire