NHS Cyber Attack! – 5 things I learned

On Friday 12th May NHS IT and communication systems up and down the UK were shut down as hospitals and GP surgeries fell victim to a ransomware attack on their computer systems. Staff were presented with a screen stating that their files had been encrypted and demanding $300 in Bitcoins, an online currency, in order to make the data usable again. The virus spread quickly across the heavily networked but aging NHS infrastructure. Affected organisations gave the order to shut down all IT systems to halt the spread and large parts of the NHS lost all telephone and computer systems as they were returned to the world of pen and paper.

At my surgery in Nottingham, we were without computer systems for three working days. Being under “cyber attack” was an interesting experience.

The effect of losing multiple systems all at once was extremely disruptive. To make matters worse, our IT support and CCG also lost the use of their phones, email and computers at the same time. It was impossible to report problems upward, communicate with our colleagues or receive instructions about how to react or respond.

However, we in General Practice and the NHS are an adaptable bunch. It was only a matter of minutes before we were handwriting on the paper from our printers and dusting off the BNFs. Reception did a great job of recreating our appointment ledger on a whiteboard. Patients were understanding. Staff turned to social media and news websites on their phones for information. Before long people across the system were finding alternative ways of communicating, using mobile phone numbers, Facebook, Twitter and personal emails to cascade information and coordinate our response. Our staff even drove around neighbouring practices to inform them of the instructions to switch off their IT.

We were able to continue seeing patients, though our services were limited by the lack of access to patients’ medical histories, results, hospital letters, medications and allergies. We even completed scheduled minor surgery lists.


The debate about how critical health IT systems were left vulnerable to this attack will rumble on. Important questions will be asked about how this happened…

  • With many organisations still running Windows XP (released 2001), is investment and funding for NHS IT sufficient?
  • Are software update patches applied universally and quickly?
  • Are contingency plans for major incidents of this type and scale up to scratch?


As the dust settles, I have some reflections of my own…

Future cyber attacks could be extremely effective

If one system is lost, it is fairly easy to create a workaround using those that are left. If a single clinic cannot function then patients can be diverted. However, the effect of simultaneously losing multiple systems across multiple parts of an organisation is crippling. Not only is the ability to function and provide a service affected, but the capability to respond and recover is also degraded.

The next cyber attack may be more coordinated and could target another part of our infrastructure such as banking, government, or utilities.

As an organisation and as individuals, we are very reliant on technology

UK General Practice has been a leader in the area of electronic patient records to the extent that no recent information is retained except on our computers. Information regarding test results, hospital letters, medical histories, repeat prescriptions and allergies was all inaccessible. Our local prescribing and referral guidelines are online and even our list of important telephone numbers is stored on our intranet.

Having all the reference material I could ever need available at the click of a button has meant that I have less information committed to memory. My old textbooks are collecting dust at home rather than at the surgery. Without a powered USB port on my computer, I couldn’t even charge my phone to keep it running. I found it much more uncomfortable to work without a computer and internet access than I would have hoped.

Thank goodness for mobile phones, mobile internet and social media

The modern world gives us many different ways to communicate and people are resourceful and adaptable. It was only minutes before staff were finding alternative ways of communicating and sharing information. I was provided with the mobile number of an IT support worker via Twitter. Our local GP Federation collected and made available alternative contact details for practices. In some cases people physically visited colleagues to update them.

Always be prepared – as the Scouts say

The world is unpredictable and there is sure to be another cyber attack, IT failure or similar crisis in the future. It will be important that there is not just a requirement for individual organisations to have robust continuity plans, but that regions have strategies in place to respond to the loss of multiple systems across their whole area. It will be important to have system backups and redundancies in place. Registers of alternative contact details, information cascade mechanisms, low tech solutions for vital functions, even physical rally points for receiving information and the ability to use local TV and radio stations to communicate with services might have their place.


Fortunately, this time the telephones and computers were not off for long and things are returning to normal at the surgery.

But, I am left feeling a little more vulnerable than I did before.

I will be keeping some key books and hard copies of important information at the surgery. I will also be giving some thought to what I might need available at home if other services such as power, communications or banking were attacked in the future.


Let’s see what further lessons the post mortem of this event reveals…


Update: The Ransomware attack presented some interesting opportunities to work with media outlets including SkyNews and NottsTV to keep patients informed about developments. For those who missed them and are interested, here are the interviews…

