NHS major 'cyber incident' forces hospitals to use pen and paper
Systems are isolated and pulled offline, while scheduled procedures are canceled
The ongoing cyber security incident affecting a North West England NHS group has forced sites to fall back on pen-and-paper operations.
We have reverted to our business continuity processes and are using paper rather than digital in the areas affected
The Wirral University Teaching Hospital NHS Trust updated its official line on the incident on Wednesday evening, revealing new details about the case – but remains coy about the true nature of the attack.
"After detecting suspicious activity, as a precaution, we isolated our systems to ensure that the problem did not spread. This resulted in some IT systems being offline," the updated statement said.
"We have reverted to our business continuity processes and are using paper rather than digital in the areas affected. We are working closely with the national cyber security services and we are planning to return to normal services at the earliest opportunity."
When organizations talk about isolating and pulling systems offline, it's usually the wording that later becomes associated with a ransomware incident. It has not confirmed whether or not that is the case, however.
The Trust went on to say that services are still available, although some scheduled appointments "are affected" – without specifying how – adding that some procedures were postponed.
Patients are advised to continue attending scheduled appointments with their appointment letters in hand unless told otherwise.
The Trust is responsible for Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children's Hospital. It also provides some services at St Catherine's Health Centre, and Victoria Central Health Centre, Wallasey.
Before the update on Wednesday evening, the Trust's statement included the following: "Maternity services are running as normal. All antenatal appointments, community midwife appointments, scans, and post-natal visits are continuing as usual. Please still attend maternity appointments unless contacted otherwise. The 24-hour emergency triage service is running as normal."
This section has since been removed.
- Another 'major cyber incident' at a UK hospital, outpatients asked to stay away
- NHS to launch 'real-time surveillance system' to prevent future pandemics
- Former Facebook lobbyist joins UK comms regulator as non-exec director
- NHS would be hit by 'significant' costs if UK loses EU data status, warn Lords
The incident was first disclosed on Monday evening, at which point the Trust discouraged people from visiting affected hospitals' accident and emergency (A&E) departments unless their condition was serious and/or life-threatening. Genuine emergencies included but weren't limited to chest pains, choking, blacking out, serious blood loss, and strokes.
"Serious injuries" were included in this list originally, but updated guidance indicates that things like bone breaks and joint sprains should instead first be seen by an urgent treatment center (UTC), in line with wider NHS policy. "In an emergency please call 999. For non-urgent health concerns, please use NHS 111, visit a walk-in center, urgent treatment center, your GP, or pharmacist."
UTCs differ from A&E departments. UTCs are often led by GPs and primarily intended for minor injuries to avoid swamping A&Es. They typically don't operate 24 hours.
Those who need to visit a UTC outside of working hours should of course visit A&E instead. But those who decide to visit, regardless of the severity of their condition, are warned of longer-than-usual waiting times.
"The Trust continues to prioritize emergency treatment but there are likely to be longer than usual waiting times for unplanned treatment in our emergency department and assessment areas." ®