this is bbc news — the headlines at a:00: nhs hospitals in england have been hit by a string of suspected cyber attacks — forcing some to ask people to stay away from a&e except in an emergency. trusts and hospitals in london, blackburn, cumbria and hertfordshire have been affected. in other news... jeremy corbyn says the war on terror has not worked — military intervention has become "almost routine" and fresh thinking is needed. the philosophy of bomb first, talk later approach to security has failed. to persist with it as the conservative government has made clear it's determined to do is a recipe for increasing not reducing threats and security. president trump warns sacked fbi directorjames comey not to leak stories to the press, in a series of early morning tweets. good afternoon and welcome

to the bbc news. our main story this afternoon is still developing... a number of hospitals have been hit by a large—scale cyber attack. hospitals across england appear to have been simultaneously hit by a computer virus, causing their it systems to fail and leading to many diverting emergency patients. among those affected are barts trust in london, the lister hospital in stevenage, the nhs in blackburn, blackpool, york and cumberland infirmary in carlisle. just hearing from the nhs in wales

have not been affected. they have their own it infrastructure. so this does seem to be an issue from nhs england. we are just getting a statement in from nhs digitaljust saying, we are statement in from nhs digitaljust saying, we are aware statement in from nhs digitaljust saying, we are aware of cyber security incident, we are working on a response. that is nhs digital, the division of the nhs which handles technology issues. let's get more on this now with our technology correspondent, rory cellan—jones. you have seen a you have seen a screen you have seen a screen grab of the message coming up when health service workers try to get into their computers? it is too early to say what is behind this attack. but it appears to be run somewhere, when malicious software is sent to computers, taking computers in perhaps old software. what it does, it locks their files and then up

p°p5 it locks their files and then up pops a message on your screen saying we have all your files locked and this is incredibly valuable data, we can unlock them, but you have to send money. several people have contacted us, including a london gp to say when they have tried to log onto the system, this kind of message has up. saying your files are encrypted, locked and you will have to pay a certain amount of money to get them unlocked. it is the most common tactic of cyber criminals. it has caused huge concern across the world. hospitals have been hit with it before. there are reports that this is a widescale attack hitting a particular type of software. we a re attack hitting a particular type of software. we are hearing reports from spain that other companies may have been affected. we don't know if they are linked, but there is talk ofa they are linked, but there is talk of a vulnerability these criminals

are attacking. how easy or how difficult is it to combat this, to fight this? once you have been attacked with this run somewhere, whatever you want to call it, how easyis whatever you want to call it, how easy is it to defeat it? this is a difficult kind of attack. the big advice is make sure you have got back—ups held locally, not in the cloud because this malicious softwa re cloud because this malicious software can get into network computers. if you have back—ups, you can go back to them. what they are lying on, the criminals, you will not be able to get to this data without their say—so and that leaves you vulnerable. but they are exploiting older forms of software that may not be up today in terms of their security protection. whatever has happened will question how robust the nhs defences are. does anybody have any idea where these hackers are based? could be anywhere

in the world. it is a huge business, cyber crime. i was talking to the police this week, who are trying to train up to combat this kind of thing. they are saying, it is the fastest type of offence and half of all offences reported now, and it is thought to be underreported. a lot of companies affected by this kind of companies affected by this kind of thing, just pay up and perhaps don't tell anybody about it.|j of thing, just pay up and perhaps don't tell anybody about it. i was going to say, you have to try and fight it, but a lot of people, a company that relies on software and computers will just company that relies on software and computers willjust pay up and give the hackers what they want? the key thing is, where is your data held? have you got the secondary back—up which is absolutely key in this case, otherwise you are vulnerable. a lot of companies can say, right we may have lost a bit of data today,

but we were backed up at the end of last night, so we will ignore this and start again and clean the system of the malicious software. others will not be so lucky and they know they need the data and we do know some organisations, police organisations for instance, in the united states, have been hit by this and have ended up paying up. rory, thank you very much. worth saying on that, then mentioned wales not affected and the scottish government saying they are unaware of any attacks on any systems in scotland. this seems to be an issue lonely for the nhs in england. let's speak to robert schifreen, a former computer hacker who's now the editor of the it safety website security smart. hejoins me on webcam from bexhill—on—sea. thanks for being with us, robert. how serious could this be? it is obviously very serious because it looks like it has hit a huge chunk of the nhs in england. the nhs are

put out a statement. what they haven't done is put out a statement saying we take security seriously. you can guarantee they will because when ever anybody gets hit with cyber crime, they don't put out a statement saying they'd take security seriously. however much you ta ke security seriously. however much you take security seriously, all it ta kes take security seriously, all it takes is one person to get in hindsight, is an malicious laden e—mail. they click on the link, and what they have done is they have run the programme on their computer and encrypts their files and wants money. it is very common, this sort of pa rents. money. it is very common, this sort of parents. it is the holy grail of computer crime because it allows hackers to get money and they have found a way of turning it into money. they don't just found a way of turning it into money. they don'tjust do your passwords and cause damage to your computer, it is actual money because u nless computer, it is actual money because unless you pay something, you will

not get your data back. in a lot of cases, even if you do pay, you don't get your data back anyway. it is down to human error, it is not down to it systems not taking security systems seriously. you say this will have come in via an e—mail to somebody? generally you will receive an e—mail or some sort of malware on your computer. you click on it thinking it is a link to some attachment. what happens is, it is any mail that is going to run a system any mail that is going to run a syste m o n any mail that is going to run a system on your computer that will encrypt all your files because by clicking on this link, you have given it permission to encrypt your files. it then pops up a message saying you have lost your data, send money and we will give you the password. or alternatively, all you have to do is restore from your back—ups. if you a single person or a five—man company and you have to restore, that can take half an hour and you fine. but if you are something like the size of the nhs

and this has only encrypted one person's information and then spread through the network, you have thousands of computers. you cannot put them back on line until you are 100% sure they are safe and the data is intact. you can be down for days. we are resorting to pen and paper for some gps. this can cost lives, it is so serious, at this computer crime. you mention it starts with possibly one person. it appears to have spread widely and geographically, how easy is it once one person has accepted the malware, how easy is it to move to the system ? how easy is it to move to the system? if you are a computer user, you have your e—mail system, your address book and contact list. if you want to do send an e—mail to your contacts, you fire up your e—mail programme that it'll do it automatically. what this malware does is exactly the same thing. once it is in your computer, it fires up

your e—mail it is in your computer, it fires up youre—mailand it is in your computer, it fires up your e—mail and sends a copy of itself to your contacts. they then get encrypted and then it sends to all of those contacts as well. so it does spread rapidly. the more we link our computers and networks, the more we back—up to the cloud, the more we back—up to the cloud, the more we back—up to the cloud, the more we are at risk. if you have a cloud —based back—up on your computer with one drive, and dropbox, you can get too littered with one click, so can the malware. as soon as you are infected and the malware has finished encrypting the data on the hard disk of your computer, it will then go to your back—ups in your dropbox or one drive and you have lost those as well. keep it local, off—side, by an external usb drive, back it up, put it in your pocket, not connected to the computer. if you get hit, whether you are the size of the nhs,

ora whether you are the size of the nhs, or a small company, restore from your back—up and you are safe. or a small company, restore from your back-up and you are safe. good advice. when we talk about hackers who might have done this, what level of sophistication and level of complexity is in an attack like this? you need to be quite savvy to know what you are doing. we hear about bugs being discovered in softwa re about bugs being discovered in software all the time. there was a serious one discovered by microsoft and patched this week. there were put out a security patch for windows or whichever operating system and they will put out a statement saying, the reason we have done this patch is because security researchers have discovered if you manage to do a certain thing, it will infect your computer. so hackers thing, all i have got to do is that certain thing where people have not installed the patch. always make sure you install the updates for your computer and all your

programmes. whenever anybody says, when you run your website on word and there has been some updates and people think, should i install it or not? this is why you should. the news of this patch comes out then people try to exploit it. if they happen to come across yours which hasn't had the update installed, your website will be targeted. really interested to get your insight. thank you very much, robert. i am going to talk to rory catherine jones robert. i am going to talk to rory catherinejones again. let me tell you before i talk to rory, we are hearing from the national cyber security centre. they have tweeted, we are aware of a cyber incident and we are aware of a cyber incident and we are aware of a cyber incident and we are working with nhs digital and the national crime agency. this is pa rt the national crime agency. this is part of the gchq spy centre at

cheltenham. so an indication of how seriously this is being taken and the reuter‘s news agency are telling us, british hospital workers in the nhs in england were warned on friday by it departments they were at threat from malware. what is your latest information? we have got a lot more information from nhs digital confirming, i think what we have been saying. it says a number of nhs organisations have reported they have been affected at randsomware attack. it is well—known malicious software. what i was saying earlier about it being a wider scale attack than just the nhs, at this stage we don't have any evidence patient data has been accessed. the attack wasn't specifically targeted at the nhs and

is affecting organisations from across a range of sectors. so it seems to indicate this particular piece of malicious software, that locks up your files, the man piece of malicious software, that locks up yourfiles, the man is piece of malicious software, that locks up your files, the man is a ransom from it, perhaps it is targeting a particular vulnerability and particular software the nhs in england has. this is a mystery it is affecting the nhs in england but not in scotland or wales. that would suggest they have a different operating systems and network softwa re operating systems and network software than elsewhere in the nhs and that is particularly vulnerable. we need to know a lot more about that. we're just hearing on reuters, nhs england saying i6 nhs organisations saying they have been affected by this cyber attack. no evidence at the moment that patient data has been accessed, which is

obviously important. but you are saying it may notjust be an attack on the nhs, it might be other organisations as well, but we haven't had reports from other companies and so on. we did have one report, i won't name the company at the moment, but a major telecoms company in spain has been affected. we are still chasing it up. but what happens, this is unleashed in a slightly random way against a whole range of targets. it is a fishing expedition, it is like a wave of spam and certainly organisations turn out to be more vulnerable than others. particularly it depends on somebody clicking on what looks like an innocuous e—mail and it turns out to contain this. and as he heard a moment ago, it spreads to everybody‘s contacts within that organisation. when you talk about some organisations being more

vulnerable, if you are a big bank with lots of financial resources, can you spend more on it defence, if you like, maybe an organisation like the nhs which may be strapped for cash? you might have more up today security systems, more ring fencing of particular systems. the nhs is saying no patient data has been accessed. perhaps it is one of the nhs systems, one which doesn't affect patient data, that has been accessed. we don't know that. rory, for the moment, thank you very much. we are going to stay with this because we can now speak to build goodwin from computer weekly magazine from london. the suggestion is, this is affecting the nhs but maybe a wider attack? it sounds very much as though it was particularly targeted at the nhs, it could have been a general e—mail that went out

to all sorts of organisations. but it could be the nhs, for whatever reason, because of the software they are using, are particularly vulnerable to this piece of malware. the problem with the nhs is it is not a with money and they do employ good cyber security people, but they are struggling to keep their heads above water and deal with day—to—day issues. so when a big attack like this comes along, it really puts the cyber security operation is under strain. people will be frantic trying to work out how to deal with this. it seems the real damage is not so much patient data but the fa ct not so much patient data but the fact hospitals have had to, perhaps asa fact hospitals have had to, perhaps as a precaution, turn off their it systems to prevent the infection spreading. so they are resorting to pen and paper, asking patients not to turn up to accident and emergency wards. so the knock—on effects seem

to be serious. you said there will be some pretty frantic people trying to get to grips with this, what will be the priority for the computer experts who have been drafted to ta ke experts who have been drafted to take a look at what is happening? priority number one will be to stop the malware spreading, which is why organisations have turned their computer systems. number two, will be to try to remove the malware. there are anti—virus companies that can actually obtain the encrypted signatures for this malware, well—known antivirus companies that offer a service to do that. so they will be bringing in the experts to try and remove this malicious softwa re try and remove this malicious software from their computer systems. some organisations might actually be tempted to pay the

ransom. that has happened before. but i think they will be bringing in the experts first to try and remove this software and try and reclaim their data. as you say, the priority is to stop the impact of this, but at some point, someone has to ask, how do we stop the people doing this. how easy is it when you get this. how easy is it when you get this type of attack, to trace it back to anybody? it can be quite difficult because hackers are very sophisticated at masking their tracks. they will go through multiple servers in multiple countries. it is very, very difficult if they know what they are doing to trace these attacks back. however there are some clever and talented people at gchq and the national security centres who will be working on this right now and will be trying to trace it back. it may originate from a different country and then you have problems

with jurisdiction. country and then you have problems withjurisdiction. how do country and then you have problems with jurisdiction. how do you actually track them down and prosecute them? it is very difficult. the real answer is to prevent it happening in the first place. a lot of it is training staff to make sure you don't click on an e—mailfrom a to make sure you don't click on an e—mail from a person you to make sure you don't click on an e—mailfrom a person you don't to make sure you don't click on an e—mail from a person you don't know, or contains a suspicious looking attachments that could have malware code embedded in it. it is very, very easy to trick people. for example, it is called spear fishing, you send an e—mail, you can mask the true identity of the e—mail so it appears to come from your boss. it says urgent, please open this attachment and deal with this immediately. so you do, but actually it contains an malware programme. it is very, very easy. so a lot of it begins with user training and user awareness and making sure people don't fall for those sorts of tricks. a good lesson for all of us. thanks very much. just to bring you

up—to—date with watch nhs digital are telling us, the computer arm of the national health service in england, they are saying i6 nhs organisations have so far reported their it systems have been affected by this cyber attack. they are saying the investigation is at an early stage but we we believe the malware variant they have been hit with is causing all the problems in nhs hospitals and gp surgeries in lots of parts of england, scotland and wales it seems, not affected at the moment. let's talk to a doctor, who is an a&e doctor at kingsmill hospital in the midlands. thanks for being with us. how has it affected you? it has affected me in terms of managing my patients in a&e

departments. we had a patient who had severe back pain and she could be potentially paralysed. we had to divert to queens hospital. it has affected us in terms that we have had to go back to paperwork, x—rays and documentation. it is getting difficult because we have a lot patients here and not a lot of time for us to process the information on a paper system. what do you think the people who would launch a cyber attack like this on hospitals and gp surgeries? i think they are a bunch of, how would i say, sitting behind

a screen trying to disturb people'slives and risking lives for cheap gains in terms of money. i hate to say that unfortunately, although we have the best health system in the world and i am proud to be part of it. for some idiots to try to mess is about, i am sure the consequences for them will be very grave. once they find out who has been behind it. we havejust got grave. once they find out who has been behind it. we have just got a statement from the patients' association. they are effectively saying today's attack might be the biggest, but it isn't the first, probably won't be the last and really saying we should look now for more spending on the cost to defend the national health service in terms of it technology, to defend against

cyber attacks like this. the patients' association saying now is not the time to be squeamish about the cost of keeping our nhs secure. would you agree with those sentiments, it does maybe require some more spending on it defence in the nhs? yes, i have a lot of it background. i used to fix computers and stuff like that. the it system here is very good, the people working behind it are very intelligent. the problem is, we need more sophisticated systems, more secure. i don't want to get into a conversation and upset people by commenting about the it system, but i think abroad they are more secure. but in answer to your question, yes

we need more money to be spent on the it system. today is the biggest example for us. thank you very much for being with us and interesting to get your perspective on the cyber attack. an a&e doctor in the midlands, thank you. there is more information coming in all the time. just a statement being released by nhs providers, they represent nhs acute ambulance community and mental health services in the nhs. they are saying the scale and scope of what looks to be a massive malware attack in the area. but if it is, it is a growing problem in all industries. given the potential impact, nhs trust take this type of attack seriously. nhs providers perhaps trying to reassure by saying the nhs has detailed and well rehearsed contingency plans in place to deal with incidents of this type. these plans have worked effectively when

they have been triggered on an individual trust bases in the past and trusts will rally round to support each other to cope with disruption. however, this is important, it is likely that some services will be affected at least in the short—term. but they would like to reassure patients that they are doing all they can minimise the impact on patients and to get their services back to normal as quickly as possible. one other statement, this giving a sense that not everybody is affected. i was just looking at a statement, i cannot find it, from oxfordshire. they were saying that they so far were clear of it. they have taken precautions and they have been advised... oxford hospital trust, we have been notified of the attacks, and so far are strong security measures are holding solid. but they, like many other surgeries and hospitals, will

be monitoring the situation and getting staff to be vigilant. so, this situation gradually unfolding. one place we know has been affected is liverpool and on the line is a doctor who is a gp at wingate medical centre in liverpool. thanks for being with us, perhaps you can give us a sense of what happened at your surgery? two p.m., our system lost co nta ct your surgery? two p.m., our system lost contact with the server. our system is one of the most popular in the uk, over 50% of general practices in england runs on it and the service, centrally held, supported and protected. the loss of access to the server was a move put in place to stop it reaching into the community. what has been the impact with you having to turn everything off? that is the problem. we operate almost exclusively on

computers, very little paper in the building. our entire patient record is our success on the computer, blood results, history, medicines and most of our prescribing is done electronically. we don't use prescriptions unless the patient particularly chooses to have a piece of green paper. most of the time it is sent directly to the pharmacy. but you cannot do that when you remove the clinical system. what are you saying the patients coming in for their appointments this afternoon? fortunately, the modelwe operate, we don't book weeks in advance, you cannot block for weeks in advance. we deal with everybody on the telephone. so we solve a third of the problems on the phone. the bottom line is, not a lot of people coming in, but in to come in

this afternoon and those patients are understanding if they know they have a problem which can wait until next week and hopefully all this will have died down, then we can deal with them then. if they need to be seen, we are seeing and sorting with them now with good old—fashioned clinical practice. what is up to do, have you had this before? proper general practice style. the important thing is, no data has been lost or affected so everybody‘s patient history and prescribing medications are still as safe as they were this morning. very kind of you to take time out to tell us kind of you to take time out to tell us what is happening where you are and we wish you well as you try and rally round to deal with this. just to recap, if you arejoining us, a cyber attack on nhs england

hospitals and gp surgeries. at least i6 hospitals and gp surgeries. at least 16 hospitals, we are hearing, at the last count, affected. a&e patients being told, unless it is an emergency, not to go to a&e. this just in from colchester general hospitals facebook page, saying the trust has experienced a major it problem believed to be caused by the cyber attack. the trust acted to protect its it systems by shutting them down. we are postponing all non—urgent activity for today and asking people not to come to a&e. people should use a&e for critical and life—threatening situations requiring medical attention such as loss of consciousness, heavy blood loss, suspected broken bones. avoid visiting a&e unless absolutely necessary. that is one example of the warnings being put out by hospitals and trusts around the country. this is

england, nhs england affected, not hospitals in wales or scotland. our correspondent is at barts in london. ba rts correspondent is at barts in london. barts one of many being hit hard by this. yes. one of the 16 hospitals which have been hit by what is emerging to be a very serious situation across the country. we asked somebody from the hospital of could come out and speak to us. clearly they have more important things to do but they have given us a statement saying there has been it disruption and here at the hospital they have put in a major incident plan to deal with the situation. they have cancel routine appointments and apologise to those patients who had appointments at the hospital and they say that ambulances are being diverted. there is no a&e here but at neighbouring

hospitals ambulances are being diverted as well. the issue is this and at the other hospitals affected they have had to shut down these it systems. when a patient comes in to a hospital they are put through the system electronically. doctors and co nsulta nts ca n system electronically. doctors and consultants can see the records of their previous appointments, blood tests, x—rays. most of the hospitals will not have that information, they will not have that information, they will have had to resort to paper—based system. hospitals each have their own it department and they will be working with nhs digital to try to get to the bottom of this and tried to come to a solution however in the meantime a serious situation at other hospitals, pigeons being told not to board the a&e unless absolutely necessary “—

board the a&e unless absolutely necessary —— patients being told. doctors and consultants and gps having to use pen and paper to take down notes about patients. an incredibly different situation for all of those involved will is. on the line is the patient safety correspondent at their health service journal. this correspondent at their health servicejournal. this is quite concerning. indeed. i do servicejournal. this is quite concerning. indeed. ido not servicejournal. this is quite concerning. indeed. i do not think we have ever seen a nationwide attack of this scale before. it is unprecedented. extreme trust declared by nhs digital —— i6 trusts. other hospitals are shutting down their systems. i can confirm that this is a ransom attack because we have seen the image coming up on at least some of the machines affected, i am looking at it, and it

demands payment of $300 worth of bit cloying to release the files within the next three days and if not the files will be lost in six days. it is having a major impact on the nhs. healing examples of staff up and down the country not able to access pathology tests, patient administration systems are down. these are things with doctors and nurses used to run their words of this will be having a real impact on the provision of service. that is very the provision of service. that is very concerning. the provision of service. that is very concerning. you are the patient safety correspondent. the issue is whether this is merely inconvenient and the hassle or whether there is potentially a real impact on safety for patients. it is important we do not exaggerate when incidents like this happen but clearly systems the staff are relying on our down and that has to be a risk there for

patient safety. nhs staff and managers practice for this stuff. they are clearly motivated to keep patients as safe as possible and i am sure everything is being done but this is not a normal day. it is an unprecedented attack. there has to be that risk. we are healing of ambulances being diverted, major incidents being declared. we cannot discount it entirely, there is a risk to patients and we have to find out after this, there will have to be serious postmortem as to how something like this was able to happen to the nhs and clearly there are questions around cyber security. one of the key questions that there will be trying to establish is whether any patient data has been accessed. nhs digital released a statement earlier saying they had no evidence to suggest that at the moment but that will be a critical question. that will be a concern for a lot of people but from the images

we can see of what the ransomware attackers asking of its victims, it seems to be more about taking down the computer infrastructure and preventing people from accessing that. it does not appear to be an attempt to download and access patient files. this may be random ra nsomwa re patient files. this may be random ransomware attack rather patient files. this may be random ra nsomwa re attack rather than patient files. this may be random ransomware attack rather than a specific attempt to access patient data. clearly it is a developing story and we do not know the full a nswe rs story and we do not know the full a nswers to story and we do not know the full answers to some of those questions yet. i imagine the key issue in terms of trying to circumvent this is how the material is backed up, how if at all they can get round this and get back into the system. yes. there is a debate in the nhs around cyber security. there have been attacks on individual hospitals in recent history and of course

those people familiar with the nhs will know that it has been particularly starved of funds in recent yea rs particularly starved of funds in recent years and that has meant a lack of investment and some of these areas. some hospitals moving away from windows xp and old systems. if you have an ageing system you're going to be more vulnerable to these things. there's going to have to be a long hard look at this in the future. thinking of the systems that trusts and so on have in place, the doctor we were speaking to was talking about the facts that the different gp practices, different trusts, may still have different systems, so there's not system rolled out across the whole of the nhs, hence why some people are affected and some are not. true, although we are beginning to hear about while those trusts not affected by the ransomware attack many who are communicating with those who are as a precaution they are shutting down their it systems

so we are weird of trust —— we are hearing of trusts which have key services which have been quarantined for want of a better word. using pen and paper because there is no other way to communicate. that was the trust not affected by the ransomware attack but taking precautionary steps. this is a nationwide problem and it will impact across the country. thank you. a cyber attack on the national health service in england. 16 or so hospitals we think have been hit by this cyber attack. gp surgeries as well. a ransomware attack. the nhs saying so far does not believe that patient data has been accessed. seeing this was not

specifically targeted at the nhs and is affecting organisations from across the range of sectors, according to nhs digital. we have heard that the number of businesses in spain have also been hit by this same ra nsomwa re malwa re in spain have also been hit by this same ransomware malware attack that has caused so many problems in the nhs. our digital team at the bbc is monitoring twitter and other social accou nts monitoring twitter and other social accounts and have been looking at different hospitals affected but they are also hearing, i do not know to what extent, that some dental surgeries are being hit as well. clearly this is very much a developing story. many people taking precautionary measures. whenever you are it would be worth having a look if you have an appointment in case there is advice from your local nhs trust. certainly those affected

encouraging people who might be thinking about it not to go to a&e u nless thinking about it not to go to a&e unless it is a genuine emergency. we can speak to a pharmacist at the gp practice in yorkshire. how have you been affected? we have had to turn for computers from about pm. we are still seeing patients and recording everything on paper notes so we can upload it on to the medical records whenever we have proper access again. have you ever seen a cyber attack like this? no. it is the first time. are you seeing on your computer screen this ra nsomwa re demand? no. we turned our computers of as prevention i guess that i have seen some gp colleagues on twitter,

but we had turned them off before we we re but we had turned them off before we were affected. how big an impact is that having on what you do? we are still able to see patients and try to get them the best care possible. it is long—term conditions we are managing these patients on so we are taking them on what they are saying but there are some thumbs i'm trying to manage that. if we are not co mforta ble to manage that. if we are not comfortable with any of the decisions we are asking them to come back again next week, which is obviously slightly inconvenient for them, but we have to make sure we get everything right. a number of hospitals telling us they have not been affected at all but quite a lot have and a lot of gp surgeries have. what do you think of the people who mount a cyber attack like this? it seems pretty clear that is for money, a demand for money. this is big business nowadays, international

criminal gangs making a lot of money from this sort of ransom demand. to attack the national health service, hospitals, gp surgeries, what do you think of the people behind this? hospitals, gp surgeries, what do you think of the people behind thi57m isa think of the people behind thi57m is a bit ofa think of the people behind thi57m is a bit of a disgrace, it is people's livelihood, people's care, especially in hospitals, patients may not be able to get appropriate care, it could be costing lives, which is a despicable act by whoever is behind it. do you have any idea when you might be able to get your it services back up and running? no. we have not been given any indication when we can get back up and running so we are playing everything by year until we are told that his aid. i hope you get back to normal shortly. that was a pharmacist at the gp practice in yorkshire. our main story is developing, the

nhs has been hit by what appears to bea nhs has been hit by what appears to be a large—scale cyber attack. 16 nhs organisations reporting across england not well so scotland but they appear to have been simultaneously hit by a large—scale computer virus. it has caused their it systems to sell and that has led many of them to have to divert their emergency patients and appealed to people not to come to a&e unless they have to. hospitals across the north, east, west midlands and london affected. the message that is appealing to nhs staff trying to access computers is this. that is the screen that is appealing

to nhs workers when they get onto their computers telling them they have been locked out of all their files. nhs digital, the branch of the nhs that looks at these technological issues says... no suggestion at the moment that any personal information may have been compromised. also hearing reports that some spanish companies were saying they

had been affected. whether it is the same attack we do not know. it looks like a slightly broader picture than just the nhs at the concern at the moment is clearly for the 16 parts of the nhs reporting they are having problems with this attack. 16 hospital and health organisations as pa rt hospital and health organisations as part of nhs england. we can speak to someone who has worked with the british government on cyber security as an associate. does this sure that the national health service is perhaps needing to up their game in terms of defence against cyber attacks like this? maybe they are wrong about? i am no longer with them but i am with nottingham university. the answer is we are a lwa ys university. the answer is we are always going to be vulnerable and it is not a question of not being able

to the pain the game. i am pretty certain the national cyber security centre will be all over this trying to track who is behind this. there isa to track who is behind this. there is a reasonably good chance they will be able to do it. really? i think there is. it may not happen on time but i would totally hope with the number of attacks taking place you can start building up profiles and one would hope they will be able to find out who it is because otherwise it is a very difficult situation. if you imagine the number of hospitals, 16 other organisations, a huge amount of money at stake, a huge amount of disruption, people affected by not being able to have operations, some of those could be life—threatening. this is a very significant national security issue. i am pretty certain that all of the mechanisms of state

will be on this case and what i hope will be on this case and what i hope will be on this case and what i hope will be happening of course is there are what we call disaster relief mechanisms which can be put into place, so if the organisations have the ability to recover from a disaster, which could be recovering data, this data may be encrypted but they have back—ups and things which may well be available, and if they are available they may well mitigate some of the losses that they may incur in terms of data. reading that ransom demand coming up on people's screens in the nhs, pay with then three days or you will have to pay double. it is slightly like highway robbers with a gun to your head. absolutely. crime is an age—old thing and this is just a absolutely. crime is an age—old thing and this isjust a digital version of exactly that. it is more

like extortion, blackmail. they feel they can get away with it. one of they can get away with it. one of the things i would stress to organisations, and there are many sadly who do not have an approach to data management, and they should adopt that approach, and there are some very adopt that approach, and there are some very good, not very many people know how to do this, but one of those things is to have a disaster recovery plan which makes you less susceptible to data loss and less susceptible to data loss and less susceptible to data loss and less susceptible to fire and other... so you can recover your data in other words? if you have a data back-up plan which is independent, which gives you independent data from that which they have interrupted, if they have encrypted the data on your system have encrypted the data on your syste m o n have encrypted the data on your system on your current servers, your back—up servers, then there is a very good chance you can recover

most of that data. there are other security measures that can be put in place to prevent you from getting infected by this sort of ransomware andi infected by this sort of ransomware and i think this is a very good opportunity for many organisations, government and commercial, to really look at their disaster recovery plan and look at it with the very few people who can advise them on a holistic approach, not just a technical approach, which does effectively deal with one aspect of the potential threat, but somebody ora the potential threat, but somebody or a group the potential threat, but somebody ora group of the potential threat, but somebody or a group of people who have the wider awareness of cyber security and can give you that fall sweet, most critical in this case is a very well managed and practice disaster recovery plan. when you said they might be able to find who is

responsible for this to track them down, they could be anywhere in the world ? well beyond down, they could be anywhere in the world? well beyond british jurisdiction. that is very true. it isa jurisdiction. that is very true. it is a good point. finding somebody is one thing. being able to do something about them is quite another. but i am pretty certain that they will definitely is going to be there at the highest levels in government. i would to be there at the highest levels in government. iwould not to be there at the highest levels in government. i would not be surprised if corpora is looking to action. the government's emergency committee? that is right. once this sort of thing is allowed to happen and people are allowed to get away with it we will be held to ransom on a bigger scale. do you think government run organisations like the nhs are more probable than commercial businesses that have a lot of money and can spend a lot of money on it defence? possibly,

because the government organisations have a very poor record across—the—board of have a very poor record across—the—boa rd of it have a very poor record across—the—board of it procurement. the mechanism, the bureaucracy is such that procurement is confused, it is usually overbudget, over time and it is very possible that security sufferers from the other performance as aspects of this might have to be looked at to make sure the security side of it is as advanced as possible. thank you. to reiterate what we know so far, a number of hospitals and doctors surgeries across england are being forced to turn away patients and cancel some appointments because of what appears to be a ransomware a cyber attack within various nhs

computer systems. it is not across the whole country. england is affected, not wealth of scotland have different systems. even within the english system we are seeing certain trust affected than others not so it may depend where below. also it is not confined just to england because several spanish firms appear to have had issues with cyber attacks. telefonica and several other spanish companies saying they have been targeted in a cyber attack today. the energy ministry having confirmation of areas cyber attacks on spanish companies. what is the latest?m areas cyber attacks on spanish companies. what is the latest? it is across england and seems to be serious ra nsomwa re are across england and seems to be serious ransomware are called wanna decryptor and it has been defeated before so perhaps there is some hope the nhs will be able to get this off of their systems and get things up and running. in february there was a

similar thing happened in america and running. in february there was a similarthing happened in america in ohio when they had 1000 computers infected with a similar strand of ra nsomwa re and they infected with a similar strand of ransomware and they were not able to use their computers for days. it went on for a few days so it was quite serious. any government work including emergency services or paying your taxes, you could not use your computer. they said it was like going back 25 years to pen and paper and we have heard that doctors are going back to the same thing. they cannot use their email. how did we survive without computers? how do you defeat this ransomware attack? is there any straightforward quick way of defeating it? cyber security experts always say the simplest thing is having a back—up of your data and then you can wipe the infected machine and do not pay the ransom and do restore your data. sometimes you can decrypt the files

without being the ransom but sometimes people choose to pay because they are scared. if this infected your computer at home you might be worried because you have lost photographs, music, i would imagine ina lost photographs, music, i would imagine in a system like the nhs confidential data is stored in the cloud or on a server remotely and not on individual computers so the fa ct not on individual computers so the fact they are locked down is a massive inconvenience but probably not a risk hopefully to patient data and the nhs have said that no patient data appears to have been accessed. if you pay the demand do they unlock your system ? accessed. if you pay the demand do they unlock your system? when you are dealing with criminal should campbell never be sure that they will stay true to the word and the advice is not to pay the ransom because it encourages this. people making a lot of money. ransomware is what we hear about most. because it is so scary when you are threatened with losing your files people

sometimes do get tempted to pay but there is no guarantee people will give you your files back. in the there is no guarantee people will give you yourfiles back. in the nhs where time is often critical dealing with patients or can be tempting to try to get things back and pay the ransom. when you talk about paying, they want money in bit coins, what is the significance of that? it is an online currency which has value because they give it value, people will accepted for payment for products and services, and because it is decentralised it can sometimes be used anonymously so it is very difficult to track who is using it. it might be harder to track who is receiving the money. possible, but harder. much more on this developing story coming up at 5pm. this concerted cyber attack on at least 16 nhs concerted cyber attack on at least i6 nhs organisations in england. the

nhs doing their best to deal with it. that is all from us. we have quite a mixed bag of weather, northern scotland is the place to be for sunshine today. most other parts of the uk seeing a lot of cloud and there have been outbreaks of rain. confirmation of a pretty messy picture across the uk, rain moving northwards showers behind, sunshine in northern scotland. quite ready on the eastern side of scotland, windy and chilly. for most of england and wales the showers become fewer and further between overnight that we will keep a few between overnight that we will keep afew in between overnight that we will keep a few in the north and west. not a cold night by a stretch. then, 11 or 12. the southern half of the uk

doing well. some breaks in the cloud. some sunshine in the morning. i3 cloud. some sunshine in the morning. 13 or 1a degrees at 9am. the workload on to the north of wales and the north—west of england and some rain to go with that and maybe some rain to go with that and maybe some rain to go with that and maybe some rain into the eastern side of the pennines. cloud for northern ireland, some rain, sunny skies across scotland. outbreaks of rain and pretty great along the eastern side of scotland. it will be breezy towards the west. the south—eastern corner sees the best of the sunny spells and it is going to be quite warm. further north and west, more cloud and temperatures lower. a little bit of rain at manchester city but i think we will be dry for bournemouth and stoke. saturday night we start to see a band of rain

moving across pretty much all parts of the uk which will not last too long in any location. on sunday most of the rain is gone pretty quickly and we moved to fresher air so we will have sunny spells and scattered showers on sunday. a fresher feel to the day. the early part of next week the day. the early part of next week the north—west will be fairly cloudy with rain at times. further south and east, a good deal of sunshine and east, a good deal of sunshine and on tuesday we could see temperatures as high as 2a or 25 but thatis temperatures as high as 2a or 25 but that is sure not to last. plenty more details on the website. today at 5:00pm: nhs hospitals in england are hit by a cyber attack, forcing some to turn off computer systems and divert emergency cases to other hospitals. some routine appointments have been

cancelled. some routine appointments have been cancelled. trusts and hospitals between london and cumbria have been affected. nhs england has launched an investigation. iam i am outside barts hospital in london, one of the 16 hospitals that have been affected by this major cyber attack. have been affected by this major cyber attack. we'll have the latest reaction as the story unfolds. the other main stories on bbc news at 5:00pm: jeremy corbyn says the war on terror has not worked — military intervention has become "almost routine" and fresh thinking is needed.