Multiple hospital trusts and other NHS organisations are suffering significant IT systems problems following a major ransomware attack.

On Saturday afternoon, it was confirmed that 48 trusts had been affected in total since the outbreak began on Friday. Of these, 43 were operating normally under business continuity plans as of Saturday afternoon, HSJ was told.

A further five were receiving additional support with their problems - these included Barts Health Trust, which on Friday had to close to major trauma admissions.

Following a COBRA meeting on Saturday afternoon, home secretary Amber Rudd - who is coordinating the effort - said she felt the NHS “had the right preparedness in place”, in response to concerns.

Reports from several trusts suggest that, while they are providing emergency care as needed, there were still substantial contraints on them and processes hampered through Saturday. Some did not have access to electronic clinical records were using pen and paper. 

Effects of the attack have included some hospitals diverting emergency ambulances, asking patients to go elsewhere, and cancelling planned appointments. There have been major problems with diagnostics - for example accessing images and results - and communications.  Southport and Ormskirk Hospital Trust said patients scheduled for surgery on Monday should not attend.

It is also unclear what progress the 48 trusts are making in removing the infection from their systems and returning them to normal use; as opposed to working under continuity arrangements without the systems. Most appear to be still working on the problem on Saturday evening.

There has been a significant impact on GP practices in some areas, but the full extent of this and the severity is unclear. Officials are due to examine this in coming hours and day.

The outbreak began on Friday. HSJ began receiving reports from around the country of providers being seriously affected by the cyberattack.

Barts Health Trust said it was “experiencing a major IT disruption”, was activating a “major incident plan”. It has stopped major trauma admissions, cancelling routine appointments and ambulances are being diverted to neighbouring hospitals.

HSJ also learned of consultants being offered extra money to work additional shifts to cope with the effects of the attack over the weekend. One text to consultants in Manchester said managers were anticipating “carnage due to the virus” adding: “They may have to shut down all IT systems to work on it. Currently only external systems and Internet shut down at the moment.”

It added the trust had “made a plea for us to do any extra hours we can to help out”.

Images from some affected computers show a screen asking for money:



The malware threat received by some NHS trusts

NHS Digital said on Saturday afternoon that there were still no reports of patient data being stolen but work continued to restore systems. 

“We are continuing to work around the clock to support NHS organisations that have reported any issue due to yesterday’s cyber-attack,” a statement said.

“While some affected trusts are hopefull services will be restored by Monday others have warned patients of disruption.”

A wide range of IT services have been affected, including picture archiving communication systems for x-ray images, pathology test results, phone and bleep systems and patient administration systems.

One source in a hospital on Friday said: “This will mean delays and a focus on the sickest patients. I’ve seen it once before and we relied on local trusts supporting each other. If truly widespread then that’ll not be an option.”

NHS incident director Anne Rainsberry, also NHS England’s London director, said on Friday: “We’d like to reassure patients that if they need the NHS and it’s an emergency that they should visit A&E or access emergency services in the same way as they normally would and staff will ensure they get the care they need.

“More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing. NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business.”

Updated on 13 May at 5.15pm and 6.35pm, and throughout the afternoon of 12 May