Lessons from WannaCry

Source: NHE May/June 2018

Sir Geoffrey Clifton-Brown, a member of the Public Accounts Committee, warns that the UK Government must take seriously the threat of a more sophisticated cyber-attack in light of last year’s WannaCry fiasco.

On Friday 12 May 2017, the WannaCry cyber-attack was a serious wake-up call for the NHS. The attack resulted in enormous disruption to health services, with over 30% of NHS trusts across England and Wales severely affected.

Also, more importantly, as a result of this major breach of security the NHS had to cancel nearly 20,000 critical operations  and hospital appointments. Furthermore, patients were diverted from the five A&E departments that were unable to treat them.

The attackers capitalised on the fact that the vast majority of the NHS’s internal computer systems still run on outdated Windows XP software. To compound this, the department’s cyber security contingency plans had not been adequately shared, and not a single affected trust passed a full cyber security inspection.

Internal communication was also at fault. As the attack unfolded, people across the NHS did not know how best to communicate with the department or other NHS organisations and resorted to using ineffective and untested ways to defend against the attack.

The NHS was, however,  extremely  lucky in the timing of this cyber-attack. The disruption could have been much worse. Fortunately, the attack happened on a relatively quiet Friday afternoon in May and through fast action, the kill switch to stop the attack spreading was identified and activated relatively quickly. Notwithstanding, the Department of Health and Social Care and its associated NHS England bodies were unprepared for the relatively unsophisticated WannaCry attack.

As we discovered during this inquiry, the department still does not know what financial impact the WannaCry cyber-attack had on the NHS. As a consequence, this is severely affecting the NHS’s ability to identify how to properly invest in cyber security in the future.

Although the department and NHS bodies have learned lessons from WannaCry, they have a lot of work to do to improve cyber security for when, and not if, there is another attack.

The recent use of a nerve agent to poison those on British soil as we witnessed in Salisbury earlier this year has understandably intensified concerns about this country’s ability to effectively respond and defend against major international threats. Additionally, our National Health Service is one of our most valuable assets and must never be allowed to become an easy target for hostile foreign actors.

In the 21st century, a cyber-attack is an unimaginably lethal weapon which can have   a huge impact on our safety and security. It must be treated as the serious and critical threat that it is. There is no reason to suspect that future attacks won’t be even more sophisticated and malicious in intent and the whole of government must recognise that it could be at risk of a cyber-attack too.


Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!


There are no comments. Why not be the first?

Add your comment


national health executive tv

more videos >

latest healthcare news

Alexa at forefront of Hancock’s plans for ‘digital transformation’ at NHS

20/07/2018Alexa at forefront of Hancock’s plans for ‘digital transformation’ at NHS

Patients will be able to diagnose symptoms through the use of their Alexa device in a landmark new partnership between the NHS and Amazon. &... more >
Hancock pledges to fix ‘heart-breaking’ low staff morale: ‘I will fight for you’

20/07/2018Hancock pledges to fix ‘heart-breaking’ low staff morale: ‘I will fight for you’

In his first-ever speech since taking up the top job, new health and social care secretary Matt Hancock – who replaces Jeremy Hunt after hi... more >
NHS gets £500m tech boost to overcome ‘binary approach’ to care

20/07/2018NHS gets £500m tech boost to overcome ‘binary approach’ to care

The new health and social care secretary has outlined his plans for the future of the NHS, pledging almost half a billion pounds to the technolog... more >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Personal Health Records: empowering people

18/07/2018Personal Health Records: empowering people

Stewart Fishman, product manager for Personal Health Records (PHRs) at NHS Digital, writes for NHE to discuss the empowering impact PHRs can have for patients. Imagine a future where people can easily choose from a range of secure, usable, online tools to access their care records. They can add information to these tools and share it with anyone involved in their care. It's not too much of a leap, because these tools are available... more >
read more blog posts from 'the scalpel' >


Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >
Cutting through the fake news

22/11/2017Cutting through the fake news

In an era of so-called ‘fake news’ growing alongside a renewed focus on reducing stigma around mental health, Paul Farmer, chief exec... more >
Tackling infection prevention locally

04/10/2017Tackling infection prevention locally

Dr Emma Burnett, a lecturer and researcher in infection prevention at the University of Dundee’s School of Nursing and Midwifery and a boar... more >
Scan4Safety: benefits across the whole supply chain

02/10/2017Scan4Safety: benefits across the whole supply chain

NHE interviews Gillian Fox, head of eProcurement (Scan4Safety) programme at NHS Supply Chain. How has the Scan4Safety initiative evolved sin... more >

last word

Hard to be optimistic

Hard to be optimistic

Rachel Power, chief executive of the Patients Association, warns that we must be realistic about the very real effects of continued underfunding across the health service. It’s now bey... more > more last word articles >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital e... read more >

health service focus