LONDON â Computer systems in hospitals and doctorsâ offices across Britain suffered large-scale failures Friday in a cyberattack likely carried out by ransom-seeking hackers that Prime Minister Theresa May said was part of an international assault on technology networks.
âThis is not targeted at the NHS,â May told reporters, referring to Britainâs National Health Service. âItâs an international attack, and a number of countries and organizations have been affected.â
It was not immediately clear how many other countries were affected. But authorities in Spain said Spanish companies were among those targeted.
The BBC broadcast a screen-shot of a message apparently sent to the National Health Service medical facilities demanding payments for unlocking computer files that had beenÂ âencryptedâ by the attack.Â
Officials made no public comment on the possible source of the hack, which touched off havoc and confusion across the state-run health system. Operations were canceled, emergency room services were scaled down, and medical personnelÂ went back to using handwritten notes.
Health officials offered no indication of when services might return to normal, or whether patient records could be permanently lost to the attack.
The demand specifies that payments should be made viaÂ bitcoin, an online currency. The screen-shot shows a demand for $300 worth of bitcoin, along with a countdown clock that appears to have begun with three full days.
âCan I recover my files?â the message asks. âSure. We guarantee that you can recover all your files safely and easily.â
Then it adds in slightly mangled syntax: âBut you have not so enough time.â It warns that the ransom demand will double after three days and that after seven days, âyou wonât be able to recover your files forever.â
A statement from NHS Digital â the computer services arm of the health service â said at least 16 hospitals or doctorâs officesÂ were directly affected by the attack. Officials later acknowledged the number was rising, though they did not give a precise figure.
Other health-care centers, meanwhile, turned off their computers to avoid potential infiltration. NHS Digital said it did ânot have any evidence that patient data has been accessed.â
There also was no immediate evidence to suggest disruptions to medical procedures that use high-tech tools. But the basic business of hospitals was being thrown into turmoil.Â
The style of attack that appeared to be on display Friday has become increasingly common in recent years, said Cornell University computer science professor Emin Gun Sirer.Â
The attacks, he said, feature hackers who infiltrate the computer network of an individual, company or institution, encrypt the files and then demand ransom payments in exchange for undoing the encryption. The attackers typically demand payment be made in bitcoins because âthere are no take-backs. Once a transfer has been made, itâs final.â
Sirer said ransomware has become a lucrativeÂ business for criminal syndicates that can make millions of dollars a day from such attacks. Once a victim has been successfully attacked, their choices are limited.Â
âUndoing the hack is going to be just about impossible,â he said.Â âThe only options are to wipe the machines and move on or to pay the ransom.âÂ
Hospitals have often been targets of such attacks, he said, because they typically have limited or outdated IT infrastructure to defend against them.Â
Nigel Inkster, former director of operations and intelligence for MI6, told Sky News that one of the reasons the NHS in particular was vulnerable was its outdated software system. âA lot of hospital trusts in the U.K. â 40-plus last time I checked â are running their systems on Windows XP software, which hasnât been supported by Microsoft for two or three years,â he said. âIn other words, Microsoft is no longer looking for and seeking to repair vulnerabilities in the system.âÂ
Attacks on health-care systems can also be especially high-stakes, creating potential life-or-death situations and raising the chances that the victim will ultimately pay.Â
Signs hung on the door at the emergency ward at the Royal London Hospital Friday afternoon read: âThe emergency department has no IT facilitiesâÂ
Across England on Friday, as well as at a handful of facilities in Scotland, internal tech systems were down in hospitals ranging from the center of London to rural parts of the countryâs south and north.Â
The attack affected emergency services in some locations, and patients were urged to avoid visits to the emergency room unless absolutely necessary.
NHS DigitalÂ said it would be working with Britainâs National Cyber Security Center in efforts to resolve the outage.Â It soon became clear that the assault extended far beyond Britainâs health service.Â
âThis attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,â NHS Digital said in its statement without giving details.
The statement identified the culprit as a type of malware known as Wanna Decryptor, a malware that can give hackers the ability to access to encryption-protected files.
The attack came as SpainâsÂ National Cryptologic Center announced a âmassive ransomware attackâ against Spanish companies. The statement said the attackers were demanding a ransom paymentÂ in bitcoins.Â
The attack in Britain had immediate impacts in hospitals across the country.Â
Richard Harvey, 50, was just about to undergo surgery Friday afternoon on his leg following a motorcycle accident when a nurse told him that the procedure had been canceled due to a cyberattack.Â
âIâm a bit of a nervous person and had to get settled about the operation, which I was. Now I had to go through that again,â said Harvey, a former hospital porter who had been fasting since the previous evening in preparation for the operation at Royal London Hospital in east London. âA cyberattack? That doesnât happen every day.â
Stephen Hirst, a doctor in the northern English town of Preston, told the BBC that the first sign of the infiltration was an error message warning that âweâd have to pay money to unlock the computer because itâs been encrypted.
âItâs compromising having to open files and complete prescriptions. Itâs interfering with day-to-day functioning,â Hirst said.
Doctors were using pen and paper as the National Health Service struggled to get computers back online. Routine appointments were being canceled.
The BBC reported that a list of affected locations included London, Blackburn, Nottingham, Cumbria and Hertfordshire.Â
Cybersecurity has been high on the agenda of many high-level gatherings of Western military and political leaders.
A report issued Wednesday by the European Commission calledÂ for greater attention to cyberthreats as the world becomes âmore vulnerable to cyberattacks, with security breaches causing significant damage.â It said the commission plans a full review of European Union cybersecurity measures by September.