Attackers hit the U.K.'s National Health Service with ransomware Friday, preventing physicians from accessing patient information in the systems of at least 16 organizations.
There is evidence that the attack has spread into the U.S., according to an email the Office of the National Coordinator for Health Information Technology sent Friday afternoon that urges the healthcare industry to "continue to exercise cybersecurity best practices—particularly with respect to email."
Ransomware has been on the rise in healthcare specifically, as attackers use techniques like phishing emails to gain access to health systems' files. There have been 4,000 ransomware attacks every day since early 2016, according to the U.S. government. And Osterman Research shows that almost half of hospitals in the U.S. were attacked with ransomware between June 2015 and June 2016.
The NHS said the attack used ransomware known as Wanna Decryptor, a piece of software that gets inside a system—in this case via a phishing email—creates encrypted copies of files, deletes the originals, and then waits for users to pay, in bitcoin, for decryption. This specific ransomware likely exploits a vulnerability developed by the National Security Agency and recently leaked.
Screenshots on social media showed a message saying that files had been encrypted and would only be accessible after the user paid ransom. "We guarantee that you can recover all your files safely and easily. But you have not so enough [sic] time," the message read. If payment is not submitted by a certain time, the ransom will go up, and if it's still not submitted by May 19, the files will be deleted.
In the meantime, affected hospitals are sending emergency room patients elsewhere and using paper.
The attacks on NHS are just a few of the attacks unleashed on European and Asian companies by hacking group the Shadow Brokers on Friday.