11 health boards and ambulance service hit by cyber attack
Last updated 13th May 2017
Eleven of Scotland's geographical health boards, and its ambulance service, have been hit by the large-scale cyber attack on NHS computer systems.
Acute hospital sites in Lanarkshire, as well as GP surgeries, dental practices and other primary care centres around the country have been affected by the ransomware attack on IT networks, which also disrupted health services in England.
Prime Minister Theresa May said the attack was ''not targeted'' at the NHS, but was part of a wider assault on organisations across a number of countries.
There is no evidence to suggest that patient data has been compromised, officials say.
Following a Scottish Government resilience (SGORR) meeting on Friday night, ministers confirmed that 11 of Scotland's 14 geographical health boards have been affected.
They are NHS Borders, Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, Western Isles, Highlands, Grampian, and Ayrshire and Arran.
And the Scottish Ambulance Service, which is also classed as a health board, was hacked in the attack, taking the total number of boards hit north of the border to 12.
First Minister Nicola Sturgeon said after the meeting: ''Earlier, a ransomware cyber-attack of the kind which has impacted NHS England, was found to have affected 12 health boards across NHS Scotland.
Immediate steps were taken to isolate the affected systems and to ascertain the exact nature of the malware being used.
I have convened a Scottish Government resilience meeting to ensure that we are closely monitoring the situation.
All necessary steps are being taken to ensure that the cause and nature of this attack is identified. There is no evidence that patient data has been compromised.''
Ms Sturgeon said Government officials are working with the affected boards and authorities like the National Cyber Security Centre to isolate any affected systems.
''Our priority is to ensure that boards get all the support required to identify the full extent of any problems, and return IT systems to normal as soon as possible, so there is as little impact on patient care as possible,'' she said.
She also thanked the NHS staff working to ensure the impact of the attack ''is kept to an absolute minimum''.
The First Minister was joined in the meeting by her deputy John Swinney and Health Secretary Shona Robison, as they were updated by officials from the National Cyber Security Centre, and the Scottish Government.
Further resilience meetings will be held over the weekend as required.
Ministers said most of the incidents have been confined to desktop computers in surgeries and primary care centres.
Patient services, including emergency services, are continuing to operate across Scotland, the Government at Holyrood confirmed.
NHS Lanarkshire is the only board in Scotland where acute hospital sites have been hit, although those hospitals are continuing to operate.
Health chiefs there urged non-emergency patients to stay away from its hospitals as it dealt with the ransomware attack.
They said in a statement: ''As a precaution, NHS Lanarkshire is closing down its non-essential networked IT systems on a temporary basis.
All our sites remain open, however we are appealing to members of the public only to attend hospital for emergency treatment during this period.''
Scotland's biggest health board, NHS Greater Glasgow and Clyde, as well as NHS Tayside, NHS Dumfries and Galloway and NHS Forth Valley confirmed that some of their GP surgeries had been caught up in the incident.
The health board in Tayside reported that 10 GP practices in the region, which operate on a non-NHS Tayside system, were affected. Four surgeries in the Greater Glasgow and Clyde area experienced disruption to their IT systems, while three practices were impacted in Dumfries and Galloway.
NHS Borders said three of its community sites have been hit.
The remaining boards were affected to some extent, apart from NHS Lothian, Orkney and Shetland, which appeared not to have been targeted.