NHS Scotland "fights cyber attacks every day"

NHS Scotland fights cyber attacks daily, Health Secretary Shona Robison said, as she confirmed 20 patients in one health board had operations rescheduled following Friday's global ransomware attack.

Police Scotland and the National Crime Agency are investigating the attack which hit 13 Scottish health boards including acute hospital sites in Lanarkshire, GP surgeries and dental practices as well as the Scottish Ambulance Service.

In a statement at Holyrood, Ms Robison praised NHS workers for their speedy response and said no patient data or details had been compromised and there had been no impact on patient safety.

She said less than 1% of devices were affected and systems are “back working normally by and large”, but confirmed NHS Borders and NHS Lanarkshire were worst hit, with 20 patients in the latter health board area having routine operations rescheduled.

Ms Robison said: “Although this attack was unprecedented in its scope with hundreds of organisations affected across the globe, it was not an isolated incident. In fact NHS Scotland, along with other organisations, face similar attacks every day most of which are thwarted by the controls and protections that are in place.”

She urged the public sector to be “vigilant” and keep systems up-to-date and fully protected, adding: “There will be a number of lessons arising from these ransomware attacks that we must learn from. Reviews are already under way to capture what can be improved to ensure that we reduce the chances of a similar attack happening in the future.”

Labour's Anas Sarwar repeated calls for the Government to hold a review of health board cyber security, saying his party had requested this in December and February after discovering previous ransomware attacks on NHS Scotland.

Ms Robison said the Chief Operating Officer had written to all health boards in February reminding them to ensure they had resilence in place and were following the best advice on cyber attack prevention.

She said: “There are regular attacks on our NHS systems and the fact that to date those have been very limited in their impact, up until the situation on Friday, I think that says something about the strength of that resilience.”

She confirmed it is not NHS policy to pay out in the event of ransom attacks and there have been no payouts to date.

Conservative Miles Briggs asked Ms Robison if she is confident that “sufficient resilience planning” is in place to ensure the systems could cope with any future large-scale attack.

She said: “We are confident around the systems that are in place given that less than 1% of the devices were affected, but are in no way complacent. This is a wake-up call not just to the NHS but the whole of, not just the public sector, but industry as well.”