Home secretary: Almost all NHS systems hit in global ransomware attack have now recovered

NHS IT systems have almost entirely recovered from the disruption caused by a global cyber attack, according to home secretary Amber Rudd.

Speaking after chairing a meeting of Cobra, the crisis response committee, she said 97 per cent of Britain’s health service trusts are now “working as normal”.

She said 48 of 248, around one in five, health service trusts in England had been impacted by yesterday’s attack, but that all except six were now functioning normally.

“The response has in fact been very good,” she said. “We think we have the right preparedness in place and also the right plans going forward over the next few days to ensure that we limit its impact going forward.

Rudd earlier told the BBC she expects NHS trusts to learn from the cyber attack and upgrade its systems.

Read more: This is where the UK ranks in global resilience to disasters

There was no evidence that any patient health data was stolen in the assault using ransomware, a type of software which hijacks files until the company or individual pays a ransom. No information about the attackers has been released.

The attack affecting the health service was part of a much wider cyber assault that has infected tens of thousands of computers in around 99 countries in public sector organisations and private companies such as global postage group FedEx and Telefonica in Spain.

Russia, Ukraine and Taiwan were the top targets, researchers with security software maker Avast has said.

Read more: Nissan and Renault latest firms to be hit in cyber attack

The hacking tool, a new variant of “WannaCry” ransomware, is believed to have been developed by the US National Security Agency. It encrypts data on the affected computers, reportedly demanding payments of between $300 (£230) to $600 in order to access computer files again. It has been widely reported the hackers have demanded the ransom be paid in cryptocurrency bitcoin.

Read more: Businesses turn to Google more than government for cyber security info

“The cyber-attack, using a ransomware bug known as WannaCry, appears to have used an NSA exploit known as “Eternal Blue” that was disclosed on the web by Shadow Brokers. Microsoft released a patch earlier this year to address the vulnerability, but it appears that a number of hospitals and other users have not applied the patch,” said Creighton Magid, partner at the international law firm Dorsey and Whitney.

“Like the DDOS attack last October, this attack shows that interconnected devices and systems are vulnerable to attack by nations, non-state actors and just plain crooks.”