LONDON — An extensive cyber attack hit Britain’s National Health Service on Friday, blocking doctors from gaining access to patient files, causing emergency rooms to divert patients and stoking fears about hackers’ ability to wreak havoc on vital public services.
Spanish and Portuguese companies, including Telefónica, Spain’s largest telecom operator, experienced a similar attack on Friday, and there were reports of so-called ransomware attacks in a number of countries, including Italy and Ukraine. It was not immediately clear if the attacks were coordinated or related.
The attack on the National Health Service seemed the most serious, since it had life-or-death implications for hospitals and ambulance services. Reuters reported that employees had been warned about the ransomware threat earlier on Friday.
Tom Donnelly, a spokesman for N.H.S. Digital, the arm of the health service that handles technology, said in a phone interview that 16 organisations, including “hospitals and other kinds of clinician services,” had been hit by a cyber attack.
“It is still ongoing,” he said. “We were made aware of it this afternoon.”
The service’s digital arm said in a statement that the attack involved a variant of ransomware known as Wanna Decryptor.
Ransomware is a form of malware that encrypts data and locks out the user. The user is then asked to pay a ransom to unblock the computer. It has become an increasingly prevalent problem. Last year, a Los Angeles hospital paid $17,000 after such an attack; earlier this year, hackers shut down the electronic key system at a hotel in Austria.
On social media, several images circulated showing computer screens bearing a message that the user could not enter without first paying a $300 ransom in Bitcoin. Many doctors reported that they could not retrieve their patients’ files.
N.H.S. Digital added, “At this stage, we do not have any evidence that patient data has been accessed.”
It said that the N.H.S. did not appear to have been the target of the attack.
The National Cyber Security Center, an arm of the GCHQ, the British electronic surveillance agency, said it was investigating the attack. “We are aware of a cyber incident, and we are working with N.H.S. Digital and the National Crime Agency to investigate,” it said in a statement.
As of 3:30 p.m., 16 organisations within N.H.S. England had reported being affected, the statement said. (It did not immediately appear that the N.H.S. systems in Scotland, Wales or Northern Ireland had been hit.)
According to the BBC, hospitals in the cities of London and Nottingham, the town of Blackburn, and the counties of Cumbria and Hertfordshire had been affected.
In the northwestern seaside town of Blackpool, doctors had resorted to pen and paper, with phone and computer systems having shut down, according to the local newspaper, The Blackpool Gazette.
A bit to the south, in the seaside town of Southport, images on Twitter showed ambulances backed up outside the town’s hospital.
In Stevenage, a town in Hertfordshire, north of London, the health service postponed all non-urgent activity and asked people not to come to the accident and emergencies ward at the Lister Hospital.
The National Health Service, which is an institution that Britons both revere and love to complain about, said it was “working closely with the National Cyber Security Centre, the Department of Health and N.H.S. England to support affected organisations and to recommend appropriate mitigations.”
Less was known about the scope of the attacks in Spain and Portugal, which affected companies like Telefónica.
Spain’s national cryptology center said it was dealing with “a massive ransomware attack” affecting Windows systems used by various organizations, without naming them.
Later on Friday, Portugal reported a similar attack. Carlos Cabreiro, the director of a police unit that fights cybercrime, told the newspaper Público that the country was facing “computer attacks on a large scale against different Portuguese companies, especially communication operators.”
Spain’s industry ministry said in a separate statement that the attack did not affect networks or end users of services offered by the companies targeted. Telefónica also indicated that the attack targeted its internal network rather than its millions of customers. On Twitter, Chema Alonso, Telefónica’s chief data officer, called initial news reports “exaggerated.”
Dan Bilefsky reported from London, and Raphael Minder from Fátima, Spain. Yonette Joseph contributed reporting from London.