Organisations urged to take security steps after cyber-attack
Organisations across Scotland have been warned to take steps to protect cyber security as systems get back up and running on Monday.
It follows Friday's ransomware attack on NHS computers which affected 13 health bodies in Scotland.
There are fears of more cyber attacks as people begin work after the weekend, although few have been reported so far.
First Minister Nicola Sturgeon told BBC Scotland that patient confidentiality had not been affected.
Speaking on BBC Radio's Good Morning Scotland programme she said she expected computer networks "by and large" to be up and running on Monday morning, but urged organisations to follow government guidance and take appropriate security steps.
- Microsoft: Cyber-attack a 'wake-up call'
- NHS bosses fear further cyber infections
- Is my computer at risk?
- Scottish NHS in 'recovery phase'
"The Scottish government has been coordinating a process over the weekend of contacting round about 120 public sector organisations to make sure that these messages have got out there strongly, but obviously private sector companies are potentially vulnerable as well," the first minister said.
"I think there is a concern that as people switch on their computers on a Monday morning we may see more impact from this virus, but we will be continuing to work as hard as we can to minimise that."
Across Scotland, the security breach disrupted GP surgeries, dental practices and other primary care centres.
Eleven area health boards were affected, as were NHS National Services and the Scottish Ambulance Service.
The impact of the breach was especially felt in NHS Lanarkshire, where doctors at acute hospital sites had to rely on pen and paper to process some patients.
The virus is known as Wanna Decryptor or WannaCry. It locks users' files and demands a $300 (£230) payment to allow access.
Ms Sturgeon said no patient data had been lost in the ransomware attack.
"One thing that is very important to stress is that there is no evidence that there has been any patient data compromised, so patient confidentiality hasn't been affected, but of course there will have been an impact on patients with some appointments cancelled," she said.
An investigation is under way to identify the cause of the attack and ministers are to convene an extraordinary meeting of the National Cyber Resilience leaders' board on Tuesday to review the response to the breach.
Ms Sturgeon said she was not aware of any ransoms being paid over the cyber attack but said that will be part of the police investigation.
A "range" of Windows operation systems are used by the NHS in Scotland and Ms Sturgeon said there is regular investment in cyber security.
She added: "We invest heavily in cyber resistance. The Scottish Government, in the NHS, invests round about £100m a year. NHS boards will collectively invest a similar amount.
"We expect systems, by and large, to be up and running today, obviously there will be ongoing work to learn lessons about what has happened."
Microsoft has said the cyber-attack - which has hit 150 countries since Friday - should be treated by governments around the world as a "wake-up call".
It blamed governments for storing data on software vulnerabilities which could then be accessed by hackers.
Some impact from Friday's attacks was still being felt on Monday morning.
The Scottish Prison Service said its email systems and website were down for a period of time as work was carried out to make them safe. They were later restored.
In the Borders, services at Hawick Health Centre were affected for a short time but are now running as normal.
NHS Highlands urged patients to attend appointments as planned. Problems with the radiology system in the Western Isles was affecting staff's ability to share images with mainland health boards.
GPs in the NHS Tayside area were among those hit by problems on Friday.
Speaking on BBC Radio Scotland, Dr Andrew Cowie from Hawkhill Medical Centre in Dundee, said: "They haven't got everything up and running yet, so it's going to be a bit of a difficult day.
"Incredibly, the NHS Tayside engineers have been in here for more than 20 hours over the weekend.
"We've lost all the data from Friday because we've gone back to the back-up on Thursday night, but we're able to see patients perfectly normally this morning."
Prof Bill Buchanan, an expert on computer security and cybercrime from Edinburgh Napier University, has warned that more investment is needed to stop systems being vulnerable to future attacks.
He told BBC Radio Scotland: "It is a large and complex infrastructure in the NHS and it is very difficult to defend.
"But really we need to start to invest in proper cloud-based systems which can lock down every computer that connects into the main network.
"We now have to realise that we have critical industries such as energy, transport, education, and they need to be as robust as anything you would find in the finance sector."
Which Scottish NHS organisations were affected by the ransomware attack?
- NHS Borders
- NHS Dumfries and Galloway
- NHS Fife
- NHS Forth Valley
- NHS Lanarkshire
- NHS Greater Glasgow and Clyde
- NHS Tayside
- NHS Western Isles
- NHS Highlands
- NHS Grampian
- NHS Ayrshire and Arran
- NHS National Services
- Scottish Ambulance Service