Normal service now resuming at Borders health centres hit by cyber attacks

Hawick Community Hospital.
Hawick Community Hospital.

Normal service is now resuming at Hawick Health Centre following last Friday’s cyber attacks by hackers using ransomware.

NHS Borders yesterday asked patients with appointments today at the Teviot Road centre, including Teviot Medical Practice, to check first before turning up, but that is no longer necessary, it says.

“Patients should attend for their appointments as normal. There is no longer a need to phone in advance,” said a spokesperson for the trust.

“We would like to thank everyone for their cooperation.

“Staff have been exceptional, and the public have been very understanding.”

Hawick Health Centre was one of the three NHS Borders sites hit by the worldwide cyber attacks.

The others were Hawick Community Hospital, in Victoria Road, and the trust’s learning disability service office in Earlston’s Church Street.

All the trust’s other sites – including the Borders General Hospital at Melrose and its three other community hospitals, at Peebles, Kelso and Duns – were unaffected and continued to operate as normal.

The malware problems that afflicted the three community sites were described as isolated incidents.

NHS Borders staff using laptops were asked to contact the trust’s information management and technology service desk upon returning to work today after the weekend to have their computers checked.

Almost 50 UK health trusts are believed to have been targeted by hackers scrambling data and demanding a ransom in the digital currency Bitcoin in return for making it accessible again and threatening to delete it if they don’t get paid.

All but three of Scotland’s 14 geographical health boards, as well as the Scottish Ambulance Service, were affected.

Acute hospital sites in Lanarkshire, as well as GP surgeries, dental practices and other primary-care centres around the country, were among those hit.

Besides NHS Borders, he health boards issued with ransomware demands are those serving Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, the Western Isles, the Highlands, Grampian, and Ayrshire and Arran.

The aftermath of the cyber attack on 48 NHS organisations is likely to have an impact on services for several days, say experts.

Hospitals across England and Scotland were crippled by the global attack on Friday after a ransomware virus infiltrated dozens of NHS organisations’ computer systems.

NHS Digital says engineers are working around the clock to fix the problem and that “the situation is changing and impacting on organisations in a range of different ways”.

“We are aware some bodies, which range from practices to trusts, may have suspended selected systems purely as a precautionary measure,” a spokesman said.

“We are aware of widespread speculation about the use of Microsoft Windows XP by NHS organisations, who commission IT systems locally depending on population need.

“While the vast majority are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7%, with this figure continuing to decrease.

“This may be because some expensive hardware, such as magnetic resonance imaging scanners, cannot be updated immediately, and in such instances, organisations will take steps to mitigate any risk, such as by isolating the device from the main network.”

Mark Porter, chairman of the British Medical Association’s council, said: “This cyber attack on NHS information systems is extremely worrying for patients and the doctors treating them.

“There have been reports of hospital doctors and GPs unable to access patients’ medical records, appointment booking systems and, in some cases, having to resort to pen and paper.

“NHS staff are working extremely hard to provide the best possible patient care, and we hope NHS Digital are able to resolve these problems as soon as possible.

“We need to quickly establish what went wrong to prevent this happening again, and questions must also asked about whether inadequate investment in NHS information systems has left it vulnerable to such an attack.”

Ciaran Martin, chief executive of the National Cyber Security Centre, added: “The picture is emerging that this is affecting multiple countries and sectors and is not solely targeted at the NHS.

“We are very aware that attacks on critical services such as the NHS have a massive impact on individuals and their families, and we are doing everything in our power to help them restore these vital services.

“It is important that organisations reduce the risks of these attacks happening to them.”

Scottish Government justice secretary Michael Matheson yesterday said: “Friday’s attack has highlighted the need for everyone to have appropriate and robust measures in place to protect against cyber attacks which could strike any IT system at any time.

“NHS Scotland systems are being recovered. We expect them to have returned to normal by Monday, and it is important to emphasise that there is no evidence that patient data has been compromised. Patients who have appointments booked for Monday and beyond should attend as planned.

“However, we must remain particularly vigilant against further incidents, and the Scottish Government is taking action to enhance security, including contacting over 120 public bodies to ensure they have appropriate defences in place.

“Police Scotland has been working closely with the National Crime Agency, who are leading the UK-wide law enforcement investigative response, and this will continue.

“I would like to thank everyone at the NHS and other bodies who have been working round the clock to deal with this very serious incident and keep any impact on patient care to an absolute minimum.”