Back to news

Cyber attack – information for GP practice staff

The information below can be used as a guide in discussions with patients. It is intended to help you answer questions from patients as they arise.

  • A number of NHS organisations , including hospitals and GP practices, have been affected by a ransomware attack.
  • This has impacted organisations in different ways. In some cases computers have been infected with the ransomware virus; in other cases, computers/servers/internet connections have been shut down as a precautionary measure to prevent the spread of the virus.
  • This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.
  • NHS IT staff are being supported by cyber security experts as they work around the clock to fix the problem and bring impacted systems back online.
  • There is no evidence that patient data has been accessed or that patient records have been affected.
  • Clinical systems are unaffected and GPs can continue to access information, including electronic patient records as normal. However, connections between different NHS organisations have been affected and this means it may not be possible for information to be shared electronically between the practice and other organisations, for example electronic prescriptions and test results, on Monday. IT are working to resolve this as quickly as possible. 


The following are instructions for the actions you need to take.

The IT team have confirmed that it is safe to turn PCs (and all other devices) back on.  The patch to prevent the PC becoming infected will automatically be applied, although it won't fix any devices that have been infected. Infected devices will be re-imaged by IT engineers who will be on site at the earliest opportunity.

Practice Managers will need to switch on servers in the Practice as this cannot be done remotely.  If you have concerns that your server has not come back up correctly, please contact the NEL CSU Helpdesk during normal hours.

The patch will run in the background and you will not see anything that confirms that the patch has been applied.

-        If the patch was not already applied, the machine will restart

-        If the patch was already applied, you will see nothing

If a device is infected with the virus, you should disconnect that machine from the network and switch it off.  This should be reported immediately  with all asset tags, confirmation of your location, the total number of devices and the number of devices affected by the virus to help the IT team to prioritise engineering support.  

Please do not call the Service Desk to report virus infection.

If you have no or limited access to Clinical Systems please continue to operate according to your business continuity plan.

The network may be slow due to the volume of updates going out so please start your most critical machines first e.g. reception and consulting rooms.

If you have any infected machines it is safe to use any others that are unaffected. 

If the affected machines are in critical areas e.g. reception you can swap other unaffected machines from somewhere else in the Practice. 

Please clearly mark and keep track of any machines that are affected.

It is safe to use all systems including Clinical Systems, NHSmail and the internet.  Please continue to practise good IT housekeeping ie don't open attachments or click on links unless you're sure about where they have come from and what they are.

Please only report those issues that need an urgent fix to the IT helpdesk over the next couple of days.