Britain's health service paralyzed in massive international cyber attack

Last Updated May 12, 2017 10:39 PM EDT

Hackers demanding money targeted computer systems all over the world on Friday, paralyzing 16 national health organizations throughout Britain, in what is believed to be the largest cyberattack of its kind in history.

In total, up to 99 countries were hit, with security experts saying Russia appeared to be the hardest hit. The U.S. was not immune: FedEx was among the targets.

The malware program is called WannaCry and it was first uncovered in documents stolen from the National Security Agency, CBS News' Charlie D'Agata reports. The security holes it exploits were disclosed several weeks ago by TheShadowBrokers, a mysterious group that has published what it says are hacking tools used by the NSA as part of its intelligence-gathering.

This image provided by the Twitter page of @fendifille shows a computer at Greater Preston CCG as Britain's National Health Service is investigating "an issue with IT" Friday May 12, 2017. 

@fendifille via AP

Shortly after that disclosure, Microsoft announced that it had already issued software "patches" for those holes. But many companies and individuals haven't installed the fixes yet or are using older versions of Windows that Microsoft no longer supports and didn't fix.    

The U.S. Department of Homeland Security issued a warning Friday night urging Windows users to update all systems to include the latest patches and software updates and not to click on or download any unknown links.

It's unclear where the malware came from.

Politico cybersecurity reporter Eric Geller told CBSN that this is one of the first times cybercriminals have used the flaw in the code of Windows to spread this "ransomware" since it was exposed.

Security experts said the attack appeared to be caused by a self-replicating piece of software that enters companies and organizations when employees click on email attachments, then spreads quickly internally from computer to computer when employees share documents and other files.    

In Britain, ambulances were diverted to other hospitals, patients were turned away and surgeries were canceled, D'Agata reports. When hospital employees signed in, their files were turned into gibberish and encrypted to be unreadable.

To decode the files, hackers were demanding $300, an amount they claimed would double in three days – or data would be destroyed.

"This was not an attack that targeted the NHS," British Prime Minister Theresa May said. In a statement, May said that no patient data had been compromised.

Patrick Ward, a 47-year-old sales director, said his heart operation, scheduled for Friday, was canceled at St. Bartholomew's Hospital in London.

Patrick Ward, 47, a sales director at Purbeck Ice Cream, from Dorset in England, poses for photographs after giving media interviews after his heart operation scheduled today was cancelled because of a cyberattack, outside St Bartholomew's Hospital in London, Friday, May 12, 2017. 

Matt Dunham / AP

Tom Griffiths, who was at the hospital for chemotherapy, said several cancer patients had to be sent home because their records or bloodwork couldn't be accessed.

"Both staff and patients were frankly pretty appalled that somebody, whoever they are, for commercial gain or otherwise, would attack a health care organization," he said. "It's stressful enough for someone going through recovery or treatment for cancer."

Mikko Hypponen, chief research officer at the Helsinki-based cybersecurity company F-Secure, called the attack "the biggest ransomware outbreak in history."
                       
Chris Wysopal of the software security firm Veracode said criminal organizations were probably behind the attack, given how quickly the malware spread.

"For so many organizations in the same day to be hit, this is unprecedented," he said.

In addition to Russia, the biggest targets appeared to be Ukraine and India, nations where it is common to find older, unpatched versions of Windows in use, according to the security firm.           

Spain, meanwhile, took steps to protect critical infrastructure in response to the attack. Authorities said they were communicating with more than 100 energy, transportation, telecommunications and financial services providers about the attack.
           
Spain's Telefonica, a global broadband and telecommunications company, was among the companies hit.
           
Ransomware attacks are on the rise around the world. In 2016, Hollywood Presbyterian Medical Center in California said it had paid a $17,000 ransom to regain control of its computers from hackers.
           
Krishna Chinthapalli, a doctor at Britain's National Hospital for Neurology & Neurosurgery who wrote a paper on cybersecurity for the British Medical Journal, warned that British hospitals' old operating systems and confidential patient information made them an ideal target for blackmailers.
           
He said many NHS hospitals in Britain use Windows XP software, introduced in 2001, and as government funding for the health service has been squeezed, "IT budgets are often one of the first ones to be reduced."
           
"Looking at the trends, it was going to happen," he said. "I did not expect an attack on this scale. That was a shock."