Up to 100 NHS hospitals have reverted to pen and paper after a co-ordinated cyber-attack targeted their IT systems, forcing staff to cancel routine appointments and rely on manual records. The attack, which struck early this morning, has knocked out patient management software, appointment booking, and prescription ordering across trusts in England and Scotland. Emergency departments remain open but are operating at reduced capacity.
Health Secretary Wes Streeting confirmed that a national cyber security review had been launched, with the National Cyber Security Centre and NHS Digital working to restore services. “This is a deliberate attack on our health service,” he said. “We are doing everything to get systems back online, but patient safety is our priority.”
The incident has exposed the fragility of NHS digital infrastructure. Staff at Manchester Royal Infirmary described “chaos” as nurses scrambled to find paper forms and doctors wrote out prescriptions by hand. One junior doctor, who asked not to be named, said: “We’ve been telling ministers for years that our IT is held together with sticky tape. Now we’re back to 1980s working conditions.”
For patients, the impact has been immediate. Thousands of routine scans, blood tests, and follow-up appointments have been postponed. Margaret Turner, 72, from Leeds, had her hip replacement cancelled hours before surgery. “I’ve been waiting 18 months,” she said. “Now they say it could be weeks more.”
The attack comes as the government pushes ahead with a major NHS digitalisation drive, including a £2 billion investment in electronic patient records. Critics argue that money has been too slow to reach frontline trusts. The British Medical Association called for an urgent inquiry, warning that the “underfunding of IT security puts lives at risk.”
Downing Street has convened an emergency Cobra meeting. The prime minister is expected to brief the House of Commons later today. Meanwhile, the pensions and benefits systems remain unaffected, but Downing Street has warned of potential knock-on effects as the health service struggles to process discharges and referrals.
The last major NHS cyber-attack, in 2017, crippled 80 trusts with WannaCry ransomware. That attack, which cost the NHS £92 million, was blamed on outdated Windows software. Despite repeated warnings, a 2023 National Audit Office report found that a third of NHS trusts still use unsupported Windows systems. This latest breach appears to have exploited similar vulnerabilities.
Union leaders have called for a public inquiry. “This is not a tech failure, it is a political failure,” said Unite’s health lead. “Our members deserve safe systems, not sticking plasters.” The government insists it has invested £1.3 billion in cyber resilience since 2018, but opposition MPs argue that is a fraction of what is needed.
For now, hospital corridors are filled with the sound of scribbling pens and the anxiety of patients waiting for the digital world to return. The real economy will feel the pinch too: staff working overtime, cancelled operations costing millions, and a system already on its knees takes another blow.
