WannaCry cyber-attack
  • WannaCry
  • Cyber Security
  • cyber attack
Picture of author, National Health Executive

Author: National Health Executive

Published: October 12th 2018

WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled

 

A report into cyber security of the health and care sector has revealed that the WannaCry ransomware attack cost the NHS a total of £92m through services lost during the attack and IT costs in the aftermath.

In the Department of Health and Social Care’s (DHSC) report, it says that it estimates around £20m was lost during the attack mainly due to lost output, followed by a further £72m from the IT support to restore data and systems.

The May 2017 cyber-attack severely disrupted more than 80 hospital trusts and 8% of GP practices after a type of malware called ransomware was used to lock down hospitals in England.

According to the report, this led to 19,000 appointments being cancelled across the one-week period of the attack, with an estimated 1% of all NHS care disrupted.

The report said: “While this may only be a small proportion of overall NHS activity, it represents disruption to the care of a significant number of patients.”

The ransomware worked by causing 200,000 computers to lock out users with red-lettered error messages demanding Bitcoin, and has since been blamed on elite North Korean hackers.

The £92m cost is a rough estimate of the total cost of WannaCry as no data was collected on the costs of recovering IT systems or the extent of patience disruption.

The report acts as an update to the DHSC’s cyber resilience report from February, reviewing the actions taken by the department and its arm’s-length bodies to improve cyber security following the attack last year.

Since February, the DHSC say they have increased investment in local infrastructure in 2017-18 to over £60m and agreed £150m of investment over the next three years.

They have also procured a new Cyber Security Operations Centre and agreed on plans to implement the recommendations from the review of the WannaCry attack, as well as estimating the costs of the cyberattack.

Also back in February, NHS Digital revealed that none of the 200 trusts tested for cyber security vulnerabilities passed inspection, raising fears over the NHS’s vulnerability to another cyber-attack similar to WannaCry.

The DHSC were warned about the risks of cyber-attacks to the NHS a year before WannaCry, but was criticised for responding too slowly and not doing enough to prevent cyber-attacks.

Image credit - tzahiV

NHE March/April 2024

NHE March/April 2024

A window into the past, present and future of healthcare leadership.

- Steve Gulati, University of Birmingham 

Read Now

More articles...

View all
Online Conference

Presenting

2024 Online Conferences

In partnership with our community of health sector leaders responsible for delivering the UK's health strategy across the NHS and the wider health sector, we’ve devised a collaborative calendar of conferences and events for industry leaders to listen, learn and collaborate through engaging and immersive conversation. 

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

Register Here

National Health Executive Podcast

Ep 42. Leadership in the NHS

In episode 42 of the National Health Executive podcast we were joined by Steve Gulati who is an associate professor at the University of Birmingham as well as director of healthcare leadership at the university’s Health Services Management Centre.

Listen Now
News

News

 Partner Content

Partner Content

 Podcast

Podcast

 Events

Events