Global Ransomware Attack Disrupts NHS, Hospitals Across 100 Countries
A massive ransomware attack struck the UK’s National Health Service (NHS) and organizations worldwide on Friday, crippling hospital systems, canceling operations, and diverting ambulances. The attack, which exploited a Windows vulnerability, affected nearly 100 countries, with the NHS among the most severely impacted.
The malware, identified as WanaCrypt0r 2.0 (or WannaCry), encrypted files on infected computers, demanding a $300 ransom in Bitcoin per machine. The attack leveraged a flaw in Microsoft Windows, for which a patch had been released in March but many systems, including those in the NHS, had not applied the update. Reports indicated that 90% of NHS trusts were still using Windows XP, an outdated operating system no longer supported by Microsoft.
Impact on the NHS
At least 40 NHS organizations in England and Scotland were hit, forcing staff to revert to pen-and-paper records and personal phones. Hospitals canceled non-emergency procedures, diverted ambulances, and struggled with inaccessible patient records and appointment systems. One NHS worker reported the attack began after an employee opened a malicious email attachment, suggesting a phishing vector.
Global Reach
Beyond the UK, the ransomware disrupted major companies, including Telefónica (Spain), FedEx (US), and organizations in Russia, Ukraine, and Taiwan. Cybersecurity firm Kaspersky Lab estimated 45,000 attacks across 99 countries, with Russia the hardest hit.
Response and Recovery
The National Cyber Security Centre (NCSC) and NHS Digital worked urgently to restore systems, though officials could not confirm whether patient data had been backed up. Home Secretary Amber Rudd acknowledged the need for software upgrades but did not verify backup protocols. Prime Minister Theresa May emphasized the attack was not NHS-targeted but part of a broader international campaign.
Experts warned that recovery would be slow, requiring a full system wipe and reinstallation to prevent reinfection. The attack underscored long-standing concerns about the NHS’s outdated IT infrastructure, with critics noting that warnings of such an incident had been ignored.
Authorities confirmed the attack was criminal in nature, not state-sponsored, and had no immediate national security implications. The ransomware’s rapid spread highlighted the risks of unpatched systems and the challenges of securing large, complex networks.
FedEx cybersecurity rating report: https://www.rankiteo.com/company/fedex
"id": "FED1781749923",
"linkid": "fedex",
"type": "Ransomware",
"date": "5/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Patients (number unspecified)',
'industry': 'Healthcare',
'location': 'United Kingdom (England, Scotland)',
'name': 'National Health Service (NHS)',
'size': 'Large (40+ trusts affected)',
'type': 'Healthcare'},
{'industry': 'Telecommunications',
'location': 'Spain',
'name': 'Telefónica',
'size': 'Large',
'type': 'Corporation'},
{'industry': 'Logistics',
'location': 'United States',
'name': 'FedEx',
'size': 'Large',
'type': 'Corporation'}],
'attack_vector': 'Phishing (malicious email attachment), Exploited Windows '
'vulnerability (EternalBlue)',
'data_breach': {'data_encryption': 'Yes (files encrypted by ransomware)',
'personally_identifiable_information': 'Yes (patient data)',
'sensitivity_of_data': 'High (personally identifiable '
'information, medical data)',
'type_of_data_compromised': 'Patient records, appointment '
'data'},
'description': 'A massive ransomware attack struck the UK’s National Health '
'Service (NHS) and organizations worldwide on Friday, '
'crippling hospital systems, canceling operations, and '
'diverting ambulances. The attack exploited a Windows '
'vulnerability and affected nearly 100 countries, with the NHS '
'among the most severely impacted.',
'impact': {'brand_reputation_impact': 'Significant (criticism of outdated IT '
'infrastructure)',
'data_compromised': 'Patient records, appointment systems',
'downtime': 'Non-emergency procedures canceled, ambulances '
'diverted',
'identity_theft_risk': 'Potential (patient data exposure)',
'operational_impact': 'Reverted to pen-and-paper records, '
'inaccessible patient data, disrupted '
'hospital operations',
'systems_affected': 'Hospital IT systems, Windows-based computers'},
'initial_access_broker': {'entry_point': 'Phishing email attachment'},
'investigation_status': 'Ongoing (as of incident report)',
'lessons_learned': 'Need for timely software patching, risks of outdated IT '
'infrastructure (e.g., Windows XP), importance of backup '
'protocols, challenges in securing large networks.',
'motivation': 'Financial gain (ransom)',
'post_incident_analysis': {'corrective_actions': 'Apply Windows patches, '
'upgrade unsupported '
'systems, review backup '
'protocols, enhance '
'monitoring and incident '
'response',
'root_causes': 'Unpatched Windows systems '
'(MS17-010), use of outdated '
'Windows XP, phishing attack, lack '
'of network segmentation'},
'ransomware': {'data_encryption': 'Yes',
'ransom_demanded': '$300 in Bitcoin per machine',
'ransomware_strain': 'WanaCrypt0r 2.0 (WannaCry)'},
'recommendations': 'Apply security patches promptly, upgrade unsupported '
'systems (e.g., Windows XP), implement robust backup '
'strategies, enhance phishing awareness training, improve '
'incident response planning.',
'references': [{'source': 'Kaspersky Lab'},
{'source': 'National Cyber Security Centre (NCSC)'},
{'source': 'NHS Digital'}],
'response': {'communication_strategy': 'Public statements by Home Secretary '
'Amber Rudd and Prime Minister Theresa '
'May',
'containment_measures': 'System wipes, reinstallation to prevent '
'reinfection',
'incident_response_plan_activated': 'Yes (NCSC and NHS Digital)',
'recovery_measures': 'Restoring systems from backups '
'(unconfirmed if backups existed)',
'remediation_measures': 'Applied Windows patches, urged software '
'upgrades'},
'stakeholder_advisories': 'Public statements by UK government officials '
'(Amber Rudd, Theresa May)',
'title': 'Global Ransomware Attack Disrupts NHS, Hospitals Across 100 '
'Countries',
'type': 'Ransomware',
'vulnerability_exploited': 'Windows SMB vulnerability (MS17-010), Unpatched '
'systems, Windows XP'}