No evidence GP patient data compromised in cyber attack, says EMIS

No evidence has emerged to suggest patient data has been compromised in EMIS Health systems during a cyber attack that has disabled NHS organisations across the country, the UK's largest supplier of GP IT systems has confirmed.

Practices reported they were unable to use clinical IT systems following the attack on Friday, understood to have been triggered by a form of malware named by NHS Digital as 'Wanna Decryptor'.

The malware has locked some NHS hospitals out of their IT systems, displaying a message demanding a $300 payment in the virtual currency Bitcoin. Practices have also reported being forced to shut down their IT systems, and patients say they have been turned away from practices.

A spokesman for EMIS Health said: 'There is no evidence to suggest that EMIS Health systems have been compromised or impacted as a result of the cyberattack on NHS computer systems today.

'Some of our customers have chosen to shut down their entire computer networks to safeguard their organisations, which means that our software is not available for those users. This includes customers using both our hospital and GP software.

GP IT systems

'We are working closely with affected customers to support them, and with NHS Digital.'

GPC IT subcommittee chair Dr Paul Cundy told GPonline: 'I would imagine this has arrived via the NHS spine or NHS mail.'

A statement from the British Computer Society said the ransomware attack highlighted 'the need for hospitals to have robust and tested cyber security, run by trained and supported IT professionals'.

David Evans, director of policy and community at BCS said: 'As news continues to break about this attack, we are reminded that there are some very sick and warped individuals in this world who would seek to put people’s safety and wellbeing at risk in return for money. The fact that some trusts have, as a result of this attack, had to turn patients away and put services on an emergency footing shows the reliance and trust placed on information and technology.

'Unfortunately, any system can be hacked, and that is why trusts must recognise how important it is that they support IT professionals who can protect and defend against such heinous attacks. The IT profession in health and care also needs to step up and meet that challenge.'

IT security

A Patients' Association statement said the NHS had failed to learn from previous IT incidents, and warned politicians not to be 'squeamish about the cost of keeping our NHS secure'.

'We should be clear that the responsibility for today’s apparently extensive attack on NHS IT systems, and for any harm that occurs to patients as a result, lies with the criminals who have perpetrated it,' the statement said.

'However, that something of this sort could happen will surprise few people. It has long been known that the NHS struggles with IT in multiple respects, and that this includes serious security problems. Though today’s may be the largest attack of this sort, it is not the first – yet the lessons from earlier incidents have not been learnt.'

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins


Already registered?

Sign in

Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus