The National Cyber Security Centre (NCSC) has tonight confirmed that it successfully thwarted a sophisticated cyber attack targeting the UK’s National Health Service (NHS) automated triage system. The attack, which sources describe as “state-sponsored” in its complexity, was detected and neutralised in the early hours of this morning.
Developing tonight: the NCSC said in a statement that the attack “posed a significant threat to patient safety and NHS operations”. The automated triage system, which uses artificial intelligence to prioritise patient admissions and emergency responses, was the target. Had it succeeded, the attack could have disrupted emergency services across multiple trusts.
The NCSC’s rapid response team, working with NHS Digital, isolated the breach within 90 minutes of detection. Forensic analysis is ongoing, but initial findings suggest the attack involved a custom-built malware variant designed to corrupt patient data and redirect triage queues. “This was not a random act of cyber vandalism. It was a calculated, high-sophistication intrusion,” said an NCSC spokesperson.
Home Secretary Dame Diana Johnson was briefed at 6 a.m. today. She described the swift action as “a testament to the resilience of our national cyber defences”. “We will not tolerate attempts to weaponise digital infrastructure against the British people. Those responsible will be identified and held accountable,” she said in a statement.
The attack comes amid heightened tensions with Russia-backed hacker groups, though the NCSC has not formally attributed the incident. A government source, speaking on condition of anonymity, told The British Wire: “The fingerprints of a known advanced persistent threat (APT) group are all over this. We are tracking multiple IP addresses linked to Eastern Europe.”
The automated triage system, rolled out during the pandemic, now handles more than 40 per cent of all NHS emergency admissions. It uses algorithms to assess patient urgency based on symptoms, medical history, and hospital capacity. A prolonged failure could have forced hospitals to revert to manual triage, causing delays and potentially leading to avoidable deaths.
Dr. James Fairclough, an NHS cybersecurity expert, called the attack “deeply alarming”. “The triage system is the nerve centre of our emergency response. Compromising it would be like cutting the head off the snake,” he said. The NCSC has urged all NHS trusts to be on high alert and to review their defences against similar attacks.
This is the most serious cyber assault on the UK’s healthcare infrastructure since the 2017 WannaCry ransomware attack, which crippled thousands of NHS computers. Since then, the government has invested over £250 million in cyber defences. But tonight’s incident raises fresh questions about whether the system remains vulnerable to future attacks.
Labour’s shadow health secretary, Sarah Woolley, called for an urgent parliamentary inquiry. “The NHS is the frontline of our national security. We cannot afford to treat cyber threats as an afterthought. We need a full investigation into how this happened and what lessons can be learned,” she said.
The NCSC has activated its Cyber Incident Response scheme, which provides additional support to affected organisations. Meanwhile, counter-terrorism police are conducting a parallel investigation, treating the attack as a potential threat to national security.
As the investigation continues, the public is being advised that there is no immediate risk to patient data. However, all NHS appointments and emergency services are operating as normal. The NCSC emphasised that no patient information was compromised in the thwarted attack.
This is a developing story. The British Wire will continue to provide updates as more information becomes available.
