A major cyber attack on the NHS computer system has shut down GP practices and other NHS services around England.

The Pharmacist understands that some GP practice staff found themselves unable to work today (12 May) due to the hack.

Dr George Farrelly, a GP in East London, said his practice did not have access to patient records and could not prescribe medicines.

Dr Farrelly, who works at the Tredegar practice in Tower Hamlets, said his practice had ‘heard something might happen’ earlier in the day so had printed the appointment list.

He said: ‘I am going to see my patients, but of course, we cannot access any records and can’t prescribe.’

Meanwhile Dr Neil Paul, a GP in Cheshire, took a computer screenshot of the error message caused by the attack, which is requesting $300 worth of Bitcoin, the online currency.

He said that in his area around 'half' of practices were affected by the attack, including some cases of 'whole practices' being forced to shut down.

The Wingate Medical Centre in Liverpool also tweeted that it was unable to work.

And NHS Liverpool CCG warned patients to only contact their GP practice in an emergency.

NHS response

A spokesperson from NHS Digital said: 'A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack.

'The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

'At this stage we do not have any evidence that patient data has been accessed. We will continue to work with affected organisations to confirm this.

'NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations, ensure patient safety is protected and to recommend appropriate mitigations.

'This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

'Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.'


Commenting on the attack, Phil Richards, CISO at Ivanti said: 'This appears to be a variant of WanaDecryptor which is a relatively new strain of ransomware.  This particular ransomware is correctly identified and blocked by 30% of the AV vendors using current virus definitions.  It is correctly handled by both Kaspersky and BitDefender.

'There is no public decryption (crack code) available at present. This malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect.  Both of these actions require administrative privileges.'