If you suspect that your practice IT system has been infected by malware:
Do not pay any ransom demanded.
Ideally within 30 minutes of discovery:
• Contact Practitioner Services Division (PSD) to inform them of the problem and have your CAT20 SWAN connection cut to protect the wider NHS network. If for some reason NSS cannot remotely disable the SWAN/CAT20 router immediately, isolate the practice from the SWAN network by unplugging the SWAN router.
• Call your NHS Board Information Governance Lead immediately. If you have practices in other Board areas, let them know directly so they can protect the rest of the local NHS.
• Call the company that manages your IT hardware to report the attack and to arrange for your IT systems to be cleansed.
Contact your practice software system operator to report the attack and discuss the process for recovering data from the back-up once your IT system has been cleansed.
Report to the police (if applicable).
Report to the Information Commissioner’s Office (ICO) (if applicable) within 72 hours of discovering a personal data breach [1]
Your Health Board may have issued guidance on cybersecurity and ransomware attacks and you should follow this advice in the first instance.