NHS cyber attack: lessons must be learned, says Shona Robison

Shona Robison said health boards affected in Scotland were recovering and there was “a level of confidence” that GP systems would run as normal on Monday.

Eleven health boards and the Scottish Ambulance Service were hit as part of a global attack which is reported to have affected up to 99 countries.

Acute hospital sites in Lanarkshire, as well as GP surgeries, dental practices and other primary care centres around the country have been affected by the ransomware attack on IT networks, which also disrupted health services in England.

Ms Robison told BBC Radio Scotland’s Good Morning Scotland programme: “This is a huge international cyber attack affecting companies who have the highest level of security within their IT systems.

“We have good security within our IT systems but this has been a major, major attack but I can absolutely assure you and the public that any lessons that can be learned from this incident will be learned.”

The Health Secretary said work had been carried out throughout the night to get systems in Scotland back up and running, and stressed that the incident had not impacted on patient safety or confidentiality.

She said: “We’re very much into recovery phase now with a lot of work going on to get systems back up and running.

“On the GP systems, which of course were the main problem across our health boards, work is going on and there’s a level of confidence that many will be back up and running before GP surgeries reopen on Monday morning.

“Lanarkshire has been more affected in terms of its acute hospitals. The manual systems have worked safely and patients haven’t been negatively impacted by that and it’s important to stress that.

“People have worked overnight with IT suppliers in Lanarkshire and the intention today is to begin to start testing those IT systems and to gradually and safely try to bring those back on over the course of the weekend.

“I would stress again that through all of this there has been no breach to patient confidentiality that has been detected to date so patients should be reassured by that.”

She emphasised there had been no impact on the majority of the out of hours systems across Scotland, with NHS 24 working as normal along with the Scottish Ambulance Service, where the only issue had been with desktop PCs that were non patient facing.

“All the other parts of the system that people would use over the weekend are working as normal,” Ms Robison said.

The health boards affected are NHS Borders, Dumfries and Galloway, Fife, Forth Valley, Lanarkshire, Greater Glasgow and Clyde, Tayside, Western Isles, Highlands, Grampian, and Ayrshire and Arran.

Most of the incidents have been confined to desktop computers in surgeries and primary care centres.

Health chiefs in NHS Lanarkshire have urged non-emergency patients to stay away from its hospitals as it dealt with the attack.