Cybersecurity Alert: Ransomware Attack Hits 16 Health Institutions in U.K.

May 12, 2017

Threat Summary

The National Health Service (NHS) announced that they experienced a ransomware attack on Friday, 12th May, that affected 16 NHS organisations and some GP practices. Similar ransomware attacks were reported on Friday by companies in Spain, Portugal, Italy, and Ukraine including Telefónica (Spain's largest telecom operator). NHS Digital is working closely with the National Cyber Security Centre to investigate the attack and believes the malware variant being used is Wannacry Decryptor. NHS is working to resolve the problem as swiftly as possible.

For more information and a list of affected NHS organisations, see:

ACA Aponix Guidance

Early indicators and response indicate that these cyberattacks may be leveraging Microsoft vulnerabilities that were made public via the recent NSA leaks and that were subsequently patched by Microsoft. In particular, the MS17-010 vulnerability has been flagged as a potential source.

ACA Aponix strongly recommends reviewing Microsoft patch cadence, and validating that the patch for this vulnerability in particular has been applied. For more information, see:

If you have any questions, please contact your ACA Aponix consultant or email us at