NHS Digital: Trusts sent fix that would have protected them

Thousands of Irish hospitals thought to have been hit during the major cyber attack on the NHS were infected by a separate, older virus, it has emerged.

Three Irish hospitals raised concerns they had been affected by the WannaCry ransomware attack which crippled UK health services.

Cyber security experts found that they had another older virus, for which protection was available, Ireland's Health Service Executive (HSE) said.

"In all three cases, the hospital was returned to the health network and continued to deliver patient care with no impact," it said.

The HSE added that new security patches had been added to tens of thousands of computers and all those still affected would be dealt with within 48 hours.

Two hospitals remain on "divert" status as the NHS recovers from a cyber attack which has affected more than 40 Trusts.

NHS England announced on Monday that the number of hospitals sending patients to other facilities was down from seven to two.

Lister Hospital in Hertfordshire and Broomfield Hospital in Essex are still re-directing people seeking medical treatment following the ransomware attack, which affected organisations across 150 countries.

Dr Anne Rainsberry, from NHS England, said: "There are encouraging signs that the situation is improving, with fewer hospitals having to divert patients from their A&E units.

“The message to patients is clear: the NHS is open for business. Staff are working hard to ensure that the small number of organisations still affected return to normal shortly."

Health Secretary Jeremy Hunt has said there has not been a second wave of cyber attacks after the NHS was struck by ransomware attacks on Friday.

Mr Hunt said all organisations need to do more to protect themselves from cyber attacks, which he said were "relatively common".

He said: "Although we have never seen anything on this scale when it comes to ransomware attacks, they are relatively common and there are things that you can do, that everyone can do, all of us can do, to protect ourselves against them.

"In particular, making sure that our data is properly backed up and making sure that we are using the software patches, the anti-virus patches that are sent out regularly by manufacturers.

"These are things that we can all do to reduce the risk of the impact that we've seen over the last 48 hours."

Mr Hunt has come under fire for failing to appear in public since the attack, which hit 47 trusts in England and 13 Scottish health boards on Friday.

Health trusts across England were sent details of an IT security patch that would have protected them from the crippling ransomware attack, NHS Digital said.

Large swathes of the NHS have been paralysed by the cyber attack, which hit 200,000 victims in 150 countries around the world.

The health service has been rebuked for using the outdated Windows XP operating system to store digital information, despite security updates for the software having been discontinued by Microsoft.

The attack has left 47 NHS organisations affected with malware in their system, ranging from hospital trusts to commissioning support units.

Seven hospital trusts are still experiencing serious problems, among them St Bartholomew's Hospital in London, York Teaching Hospital NHS Trust and the University Hospitals of North Midlands Trust.

But NHS Digital said it had made health trusts aware last month of IT protection that could have prevented the attack.

It said in a statement: "NHS Digital issued a targeted update on a secure portal accessible to NHS staff on April 25, and then via a bulletin to more than 10,000 security and IT professionals on April 27 to alert them to this specific issue.

"These alerts included a patch to protect their systems. This guidance was also reissued on Friday following emergence of this issue."

Theresa May has rejected claims the government ignored warnings the NHS was vulnerable to a possible cyber security attack.

The Prime Minister said warnings had been given to hospital trusts. During a visit to Oxfordshire, she insisted cyber security was being taken seriously in Whitehall.

Asked if warnings had been ignored, Mrs May said: "No. It was clear warnings were given to hospital trusts but this is not something that focused on attacking the NHS here in the UK."

She added: "Europol say there are 200,000 victims across the world.

"Cyber security is an issue that we need to address. That's why the Government, when we came into Government in 2010, put money into cyber security."

Government cuts are to blame for exposing NHS services to the cyber-attack which hit computers around the world on Friday, Jeremy Corbyn has said.

The Labour leader was speaking as he set out a promise to provide an extra £37 billion for the NHS, with measures aimed at improving A&E performance and taking one million patients off waiting lists.

Security minister Ben Wallace said the NHS had followed some "pretty good procedures" in combating the cyber attack.

Technical staff restored data and replaced security patches over the weekend at trusts across the country, Mr Wallace said.

He told BBC Breakfast the Government had put £1.2 billion into combating cyber attacks during the last strategic defence and security review, including a £50 million pot to support NHS IT networks.

And he defended the Government after a National Audit Office report in November warned that taking money away from NHS services would leave them vulnerable.

He insisted individual trusts have enough money to protect themselves against cyber attacks, saying: "We make sure the trusts are aware of their vulnerabilities and ask them to make sure they keep themselves up to date. What we don't do in our NHS is micromanage it from the desk."

Mr Wallace said it was a "red herring" to focus solely on the Windows XP operating system as being vulnerable, saying the virus had also attacked both Windows 7 and 8.1.

The "real key" was whether trusts had regularly backed up data and whether they were installing security patches.