CreditWill Oliver/European Pressphoto Agency
LONDON — Martin Hardy was in his hospital gown, about to be wheeled into the operating room for knee surgery on Saturday morning at Royal London Hospital in East London, when, he said, his operation was abruptly canceled.
Mr. Hardy, 52, a caregiver for his father, said his surgeon told him the operation could not be carried out because the hospital’s computer system was not working and his condition was not life-threatening.
“I was in my hospital robe literally about to go in,” he said, wincing as he stood on crutches outside the hospital, waiting for a taxi home. “How can anyone in their right mind do such a thing?” he added, referring to the people behind the devastating cyberattack that affected organizations in nearly 100 countries and sent tremors across Britain’s National Health Service.
A day after one of the largest “ransomware” attacks on record, which left thousands of computers at companies in Europe, universities in Asia and hospitals in Britain still crippled or shut down on Saturday, Amber Rudd, the British home secretary, told the BBC that the N.H.S. needed to learn from what had happened and upgrade its information technology system.
Continue reading the main story
Continue reading the main story
Ms. Rudd said the number of affected N.H.S. organizations in England and Scotland had risen to 48 (20 percent of the 248 public health trusts), of which all but six were back to normal. Britain’s National Cyber Security Center is working with the N.H.S. to ensure the attack is contained.
The opposition Labour Party criticized the government sharply on Saturday for what it called negligence in not updating N.H.S. software after Microsoft provided a security patch against such ransomware attacks in March. Jonathan Ashworth, Labour’s shadow health secretary, said in a letter to Health Secretary Jeremy Hunt, “The incident highlights the risk to data security within our modern health service and reinforces the need for cyber security to be at the heart of government planning.”
Ms. Rudd conceded that the N.H.S., where many computers had outdated software vulnerable to malware and ransomware, had been ill prepared, despite numerous warnings. “I would expect N.H.S. trusts to learn from this and to make sure that they do upgrade,” she said.
For some, her words offered little comfort. “National Hacked Service,” said the headline in The Sun on Saturday, reflecting the frustration of Britons for whom the vaunted but chronically underfunded N.H.S. is deeply bound up in national identity. So intrinsic is the N.H.S. to Britons’ sense of self that the service was featured in the opening of the 2012 London Olympics, complete with dozens of people dressed as patients and nurses dancing around illuminated beds that spelled the letters N.H.S.
On Saturday at Royal London, a world-renowned teaching hospital in the Bethnal Green neighborhood, patients expressed a mix of frustration, resignation and gratitude as the medical staff worked to provide care while still grappling with the cyberattack. The hospital, which has 675 beds and hosts one of Europe’s largest accident and emergency departments, has been an imposing and beloved presence in its multicultural neighborhood since the 18th century. Welcome signs in the hospital greet visitors in English, Chinese and Arabic.
Zahid Ahmed, 23, a local shopkeeper whose son was born at the hospital, said the cyberattack was an assault on the social fabric of the neighborhood, where the hospital was part of life, from cradle to grave.
“Everyone in this neighborhood relies on this hospital,” he said. “A hospital is like a mosque or a church or a school.” Castigating the attacker, he added, “Is there nothing sacred?”
On Saturday, some doctors and nurses there said that they had been unable to gain access to patient computer files and that they had been using paper files and recording patient histories by pen, as they had done in the pre-internet age. Several nurses said they were struggling to obtain blood test results. Members of the urology clinic said they were unable to work because the computers were down.
“This attack is horrible because it disturbs the service and strikes at the heart of a hospital,” said Beverly Somera, a nurse, as she left the hospital after her night shift. “We have to do everything by hand, and this can slow things down.”
A note on the door of the emergency room warned patients that the hospital was experiencing information technology problems and that there could be delays. A man with a cast and crutches said he had been turned away.
Barts Health N.H.S. Trust, which runs the hospital, said in a statement that it was dealing with a major information technology disruption and apologized for any delays. It said outpatient appointments on Saturday had been canceled.
Fred Bird, a retired truck driver, said he had been called by the hospital earlier in the week to pick up X-rays before a colonoscopy procedure, only to arrive on Saturday morning and find the imaging department’s doors closed.
“You can’t blame the hospital, but surely the N.H.S. knew this could happen?” he said, his face reddening with anger. “And I don’t understand why their computers weren’t secure. We all pay into the N.H.S., and this is what we get. What on earth is going on in this country?”
Samantha Tugushi, 28, said she had arrived at a clinic hoping to be treated for an infection, only to be turned away after a long wait. “I guess I will go home and take a paracetamol,” she said.
At St. Mary’s Hospital in Central London, the computer systems were back up and running and the accident and emergency department appeared to be processing patients in an orderly fashion.
Still, some patients were worried about their records. Amanda Wilson, 64, who went to St. Mary’s on Saturday for an X-ray, said with a nervous laugh: “I’m worried they’ve lost my files. What do I do then? I don’t remember all the different procedures I’ve been through.”
Across Britain, medical officials were grappling with how to increase security after the attack.
Dr. Krishna Chinthapalli, a senior resident at the National Hospital for Neurology and Neurosurgery in London, who predicted a cyberattack on the N.H.S. in an article published in the British Medical Journal a few days before the attack, said it was disturbing.
“I had expected an attack,” he said in an interview. “But not on this scale.”
He had warned in the article that hospitals were especially vulnerable to ransomware attacks because they held vital data, and were probably more willing than others to pay a ransom to recover it. He said in the interview that many of the N.H.S. computers still ran Windows XP, an out-of-date software.
He warned that if hospitals paid the ransoms, it could lead to a slippery slope of other attacks.