Action to 'enhance security' following cyber-attack

Action to increase cyber security is to be stepped up in Scotland following the ransomware attack on NHS computers.

Justice Secretary Michael Matheson said more than 120 public bodies were being contacted to ensure their defences were adequate.

He said NHS systems in Scotland were expected to be recovered by Monday and that patients with appointments should attend as planned.

Eleven area health boards were affected by the cyber-attack on Friday.

NHS National Services and the Scottish Ambulance Service were also hit by the attack, which disrupted systems in nearly 100 countries.

Mr Matheson said that he would be bringing together the national heads of IT services from public bodies across Scotland to look at what lessons should be learned from the attack.

The impact of the breach was especially felt in NHS Lanarkshire, where doctors at acute hospital sites had to rely on pen and paper to process some patients.

Across Scotland the breach disrupted GP surgeries, dental practices and other primary care centres.

Organisations across the globe, including investigators from the National Crime Agency (NCA), are working to hunt down those responsible for the Wanna Decryptor ransomware, also known as WannaCry.

Mr Matheson said the Scottish government was liaising closely with the National Cyber Security Centre and NHS Scotland to identify the cause of the attack.

Ministers are to convene an extraordinary meeting of the National Cyber Resilience leaders' board on Tuesday to review the response to the breach.

A "lessons learned" exercise will also take place to help mitigate the risks from further attacks.

The justice secretary said: "Friday's attack has highlighted the need for everyone to have appropriate and robust measures in place to protect against cyber-attacks which could strike any IT system at any time.

"NHS Scotland systems are being recovered, we expect them to have returned to normal by Monday, and it is important to emphasise that there is no evidence that patient data has been compromised.

"Patients who have appointments booked for Monday and beyond should attend as planned.

"However, we must remain particularly vigilant against further incidents and the Scottish government is taking action to enhance security, including contacting over 120 public bodies to ensure they have appropriate defences in place."

Which Scottish NHS organisations were affected by the ransomware attack?

Mr Matheson said one of the most common methods of infecting computer systems was through links and attachments in emails.

He added: "Therefore I would urge everyone to think twice before clicking on attachments or links from sources that they don't know."

Mr Matheson also thanked everyone at the NHS and other bodies who had worked "round the clock" to deal with the breach.