NHS Bitcoin Ransom Hack: The Facts

Today the NHS fell victim to a ransom hack by the “Wanna Decryptor” virus. A large number of NHS trusts have been affected by the virus that has disrupted services, and harmed patient care. The ransom hack demanded payment in the form of bitcoin, a digital currency to end the ransom.
The Clinical Developers Club have written a brief guide for clinicians on the attack, and what they can do about it.

The scope of the problem

25 NHS trusts affected but there have also been areas outside of the UK that have been affected suggesting that it was not a directed attack.


Screen Shot 2017-05-12 at 23.07.43.png
map of reported ransom attacks


The technical details

This is a ‘ransomware’ virus- files are reversibly encrypted using a secure key- the same method that protects your online banking from being viewed by anyone else with the connection is now being misused to lock files until a ransom is paid. The encryption cannot be reversed without the key.

The virus uses a vulnerability in the Windows operating system, first researched by the NSA, and leaked last year as part of the NSA ‘hack’. A patch was deployed by Microsoft 2 months ago to prevent an attack just of this sort. Just as the child who presents with measles, we must ask- why did these NHS trusts not opt for their digital vaccinations?

Why the NHS?

It’s likely that this is not a targeted attack. NHS trusts are not the only places affected, and thousands of other businesses are also reporting the intrusion in 74 countries. Quite possibly the authors of the virus aimed to target a number of small businesses, and never expected to get into such a large target as the NHS, and the legal attention that will undoubtedly follow.

Questions for NHS England

  1. Why did 25 NHS trusts not deploy the recommended Microsoft patch, 2 months after it’s release?
  2. Are only ‘terminal’ level computers affected, or are any data centers compromised?
  3. What is the backup policy? Backing up files regularly will still result in data loss but the effect will be reduced as the information can be recovered from a previous backup.

Information for clinicians

Email attachments are an effective way for spreading viruses like ransomware. Do not open attachments unless you know who sent them and you can hold the person sending them accountable. Shutting down computers regularly and letting them update is also a good idea.

The key thing to take note that this is not compromised by personal devices like mobile phones. Due to the shock of the problem, there might be some managers suggesting bans on electronic devices. USB flash drives have been implemented in attacks in the past, one of the most famous being Stuxnet, a computer worm designed to hamper nuclear weapon development in Iran. However, the NHS attack was successful due to not updating a patch that was released by Microsoft two months ago. If this attack has taught us anything, it’s that it is vital that updates are deployed as soon as they are available, and that we learn to cope with downtime this sometimes entails. 

Our key message for clinicians

It is not enough for clinicians to be digitally complacent anymore. The IT system within your hospital or GP practice is as integral to your service as the bricks and mortar that surround it. You must take as much responsibility for the maintenance of your IT system as you do for infection prevention and control.

You must digitally ‘wash your hands’ in the NHS- websites and email attachments are blocked for a reason, and clinicians must adhere to this to avoid spreading viruses.

What is the clinical developers club

The clinical developers club is a group of clinicians (currently 91 members) who code and develop software solutions and projects. Roughly 90% of the club still has active clinical roles within the NHS and code in a number of different languages. They help their members and other clinicians and share the same vision, harness the power of software to improve patient outcomes and the NHS.

2 thoughts on “NHS Bitcoin Ransom Hack: The Facts

    1. I agree I love blockchain and I love that a Paramedic is suggesting it. We need more tech literate clinicians like you. Sadly the NHS is too far behind, right now it’s still using windows XP. I now spend part of my time writing code for a financial tech firm in central London. The NHS right now isn’t ready to make any serious advances in tech.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s