Creatas/Thinkstock(LONDON) — Hospitals across England have been hit by a “ransomware attack,” leaving patient files inaccessible, according to the National Health Service (NHS).
Cybersecurity experts told ABC News that the attackers used an NSA tool to exploit the MS17-010 vulnerability leaked by the hacker group Shadow Brokers in April.
“This appears to be the first known incidence of the use of an NSA exploit in a broad and far reaching cybercriminal campaign against a U.S. ally that has had profound impacts on delivery of healthcare in the UK,” John Bambenek of Fidelis Cybersecurity said.
Microsoft released a patch to address the vulnerability, but networks that did not adopt it would have remained vulnerable.
Chris Camacho, chief strategy officer at the cybersecurity firm Flashpoint, confirmed the use of NSA tools in the “clever” attack that used encrypted emails to work around security software and gain access to a network ripe for exploitation.
“There’s nothing you can do but pay once you’re hit,” Camacho said. “If you need that data back, you’re going to pay.”
As of this afternoon, 16 facilities with the NHS, which is the publicly funded health care system for England, had reported that they were affected by what appeared to be a large-scale cyberattack.
“The investigation is at an early stage but we believe the malware variant is Wanna Decryptor,” NHS Digital, the body of the Department of Health that uses information and technology to support the health care system, said in a statement.
A ransomware attack is when hackers infect computers with malicious software and demand ransoms to restore access.
The attack has locked computers and blocked access to patient files. But there’s no evidence so far that patient data has been accessed, NHS Digital said.
NHS Digital said it is working closely with the National Cyber Security Center, the Department of Health and NHS England “to support affected organizations and ensure patient safety is protected.”
“We’d like to reassure patients that if they need the NHS and it’s an emergency that they should access emergency services in the same way as they normally would and staff will ensure they get the care they need,” NHS incident director Anne Rainsberry said in a statement.
“More widely we ask people to use the NHS wisely while we deal with this major incident which is still ongoing. NHS Digital are investigating the incident and across the NHS we have tried and tested contingency plans to ensure we are able to keep the NHS open for business.”
The National Cyber Security Center said it is “aware of a cyberincident.”
Following the leak of NSA tools, Bambenek told ABC News that he had conversations with high-ranking U.S. national security officials in which he urged them to share information with private vendors so that they could develop countermeasures because the NSA had “lost control of its own weapons.”
“That did not progress rapidly enough, and here we are today,” Bambenek said. “The NSA can have very smart people finding these vulnerabilities, but not very smart people can start using them to very devastating effect.”
Copyright © 2017, ABC Radio. All rights reserved.