Twelve Scottish health boards, including the ambulance service, have been affected by a major cyber attack which has hit organisations around the world.
The Scottish Government confirmed that all but three of Scotland’s NHS boards and the Scottish Ambulance Service were affected by the “ransomware” incident.
Most cases have involved desktop computers in GP surgeries, dental practices and other primary care sites, but hospitals in the NHS Lanarkshire region are also affected.
Ransomware is software which invades computer systems and takes control of files. The attackers demanded Bitcoin payments of £230 to unlock NHS IT systems.
The attack has seen dozens of NHS organisations in England affected.
The organisations affected in Scotland are NHS Borders, NHS Dumfries and Galloway, NHS Fife, NHS Forth Valley, NHS Lanarkshire, NHS Greater Glasgow and Clyde, NHS Tayside, NHS Western Isles, NHS Highlands, NHS Grampian, NHS Ayrshire and Arran and the Scottish Ambulance Service.
The UK’s National Cyber Security Centre is investigating the attack, and on Friday evening the First Minister chaired a meeting of the Scottish Government’s resilience room to discuss the response.
She said there was no evidence patient data had been compromised and patient services were continuing to operate.
Nicola Sturgeon said: “Immediate steps were taken to isolate the affected systems and to ascertain the exact nature of the malware being used.
“I have convened a Scottish Government resilience meeting to ensure that we are closely monitoring the situation.
“All necessary steps are being taken to ensure that the cause and nature of this attack is identified. There is no evidence that patient data has been compromised.”
She continued: “Our officials continue to work closely with affected boards and relevant authorities like the National Cyber Security Centre to take steps to isolate any affected systems.
“Our priority is to ensure that boards get all the support required to identify the full extent of any problems, and return IT systems to normal as soon as possible, so there is as little impact on patient care as possible.
“I would like to thank all of the NHS staff who are continuing to work hard to ensure that the impact of this attack is kept to an absolute minimum. I have complete confidence that they will continue to provide the excellent care for which they are famous.”
The ransomware used in the attack is believed to be Wanna Decryptor, malicious software which deletes files and replaces them with encrypted copies.
Victims are usually forced to pay to have their files decrypted and attackers often demand they are paid in Bitcoins to eliminate the risk of being traced through bank transfers.
According to cyber analysis, the Wanna Decryptor malware used in the attack on the NHS and Telefonica “exploits a similar vulnerability” to an NSA-developed tool known as EXTERNALBLUE, researcher Marco Cova said.
The tool was made public earlier this year when it was released as part of a ‘data dump’ of NSA cyber tools by a group calling itself The Shadow Brokers.