More than 100 NHS hospitals in England have been forced to abandon digital systems and revert to pen and paper following a coordinated cyber-attack on Thursday morning. The attack, which targeted a centralised health IT platform, has disrupted patient appointments, surgical schedules, and emergency admissions across half of all acute trusts.
National Cyber Security Centre officials confirmed that the incident appears to be a ransomware assault originating from a compromised software update. NHS Digital, the agency responsible for the health service’s digital infrastructure, activated emergency protocols within 40 minutes of the first alert. By 9 a.m., all affected hospitals had implemented “business continuity mode”, switching to manual record-keeping and offline triage systems.
Health Secretary Mark Tremlett praised the response as “exemplary”, stating that “the NHS’s cyber defences are the gold standard in any health system worldwide”. He noted that no patient data has been exfiltrated and that the attack was contained before it could reach critical care systems. The National Cyber Security Centre is leading the investigation alongside the National Crime Agency.
The attack underscores the persistent vulnerability of critical national infrastructure to cyber threats. While the infrastructure in question was designed with multiple layers of defence, experts argue that such incidents are inevitable. The cost to the system will be measured not only in money but also in delayed treatments. Elective surgeries scheduled for Thursday and Friday have been postponed in 42 trusts, affecting an estimated 3,500 patients. Emergency departments are diverting less critical cases to nearby specialist centres.
This is not the first major incident to hit the NHS. In 2017, the WannaCry ransomware epidemic crippled thousands of devices across 80 trusts. That attack exploited unpatched Windows software. Since then, the NHS has invested nearly 1.2 billion pounds in cybersecurity upgrades, including mandatory training for 1.3 million staff. Thursday’s attack appears to have bypassed those defences through a zero-day vulnerability in the third-party vendor’s software.
International reactions have highlighted the UK’s relative preparedness. A senior EU cybersecurity official described the response as “a masterclass in crisis management”. American and Canadian health authorities have dispatched observers to study the NHS playbook. Yet some health workers voiced frustration. Dr. Anjali Rao, an A&E consultant at one affected London hospital, said: “We train for this, but it doesn’t make it any easier when you have to chart adrenaline doses on a paper form while a patient is crashing.”
The long-term fallout remains unclear. NHS leadership expects most digital functions to be restored within 72 hours. But the psychological impact on a system already under extreme strain may persist. For now, the NHS has demonstrated that even a regression to paper records can function in crisis. But it is a painful reminder that digital resilience requires constant vigilance, not just investment.
Further updates will be provided as the investigation proceeds. The government has stated that lessons from this incident will be used to strengthen the UK’s cybersecurity posture across all sectors.
