Sources within the National Health Service confirm that a coordinated cyber-attack has crippled IT systems in at least 100 NHS trusts across England, forcing staff to revert to pen and paper. The attack, believed to be a ransomware variant, struck early this morning, encrypting patient records, appointment systems, and surgical scheduling. “It’s chaos,” a senior NHS source told me. “We’re cancelling elective surgeries, diverting ambulances, and treating this as a major incident.”
The National Cyber Security Centre (NCSC), part of GCHQ, has confirmed it is investigating alongside NHS Digital. An NCSC spokesperson stated: “We are working with the NHS to understand the full impact and to restore services as quickly as possible.” But off the record, cybersecurity experts describe this as “the worst healthcare cyber incident in British history.”
Hospitals in London, Manchester, Birmingham, and Leeds are affected. Staff are using paper records, manual referrals, and telephone triage. Pharmacists cannot access electronic prescriptions. Cancer patients are being told to wait. A paramedic in the North West told me: “We’ve got no access to patient histories. We’re flying blind.”
The attack appears to be the work of a ransomware group known as “Medusa,” which has targeted healthcare organisations in the US and Europe. Uncovered documents from dark web forums show the group boasting of “the biggest NHS heist.” The group is demanding a ransom of $50 million in cryptocurrency. But the government’s position is clear: “We do not pay ransoms,” a Downing Street source said.
Meanwhile, the NHS is scrambling to mitigate the damage. Backups are being restored, but some data may be unrecoverable. “This is a wake-up call,” said Dr. Sarah Khan, a cybersecurity researcher at Oxford. “The NHS has been underfunded for years. This was not a matter of if, but when.”
The Information Commissioner’s Office (ICO) has been notified. Under GDPR, the NHS faces fines if patient data is lost. But the immediate concern is patient safety. The British Medical Association has warned of “dangerous delays” in diagnosis and treatment.
I have seen leaked internal NHS emails from early this morning ordering IT teams to “disconnect all networked devices” and to “prepare for extended outage.” Senior hospital managers are instructing staff to print out basic checklists and referral forms. Operations scheduled for today are postponed. Accident and emergency departments are being diverted to non-affected trusts.
One consultant at a London teaching hospital told me: “We are in crisis mode. We’ve not seen anything like this since the 2017 WannaCry attack, but this is worse. This is targeted and sophisticated.” However, unlike WannaCry, which was a global worm, this attack was specifically aimed at the NHS. Uncovered documents from a cybersecurity firm show that the attackers spent months mapping NHS networks.
Politicians are circling. The Health Secretary will make a statement to Parliament this afternoon. Shadow Health Secretary says it’s a “national disgrace” that the NHS was unprepared. But the real question is who will pay. The ransom demand is one thing. The cost of recovery will be billions.
The NCSC is now leading the response. Its investigation is focused on how the attackers gained access. Early indications suggest a phishing campaign targeting NHS procurement staff. But the full forensic picture is days away.
For now, the NHS is on the back foot. Every second counts. And the clock is ticking.
