WannaCry

WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled

A report into cyber security of the health and care sector has revealed that the WannaCry ransomware attack cost the NHS a total of £92m through services lost during the attack and IT costs in the aftermath.

In the Department of Health and Social Care’s (DHSC) report, it says that it estimates around £20m was lost during the attack mainly due to lost output, followed by a further £72m from the IT support to restore data and systems.

The May 2017 cyber-attack severely disrupted more than 80 hospital trusts and 8% of GP practices after a type of malware called ransomware was used to lock down hospitals in England.

According to the report, this led to 19,000 appointments being cancelled across the one-week period of the attack, with an estimated 1% of all NHS care disrupted.

The report said: “While this may only be a small proportion of overall NHS activity, it represents disruption to the care of a significant number of patients.”

The ransomware worked by causing 200,000 computers to lock out users with red-lettered error messages demanding Bitcoin, and has since been blamed on elite North Korean hackers.

The £92m cost is a rough estimate of the total cost of WannaCry as no data was collected on the costs of recovering IT systems or the extent of patience disruption.

The report acts as an update to the DHSC’s cyber resilience report from February, reviewing the actions taken by the department and its arm’s-length bodies to improve cyber security following the attack last year.

Since February, the DHSC say they have increased investment in local infrastructure in 2017-18 to over £60m and agreed £150m of investment over the next three years.

They have also procured a new Cyber Security Operations Centre and agreed on plans to implement the recommendations from the review of the WannaCry attack, as well as estimating the costs of the cyberattack.

Also back in February, NHS Digital revealed that none of the 200 trusts tested for cyber security vulnerabilities passed inspection, raising fears over the NHS’s vulnerability to another cyber-attack similar to WannaCry.

The DHSC were warned about the risks of cyber-attacks to the NHS a year before WannaCry, but was criticised for responding too slowly and not doing enough to prevent cyber-attacks.

NHE September / October 2024

NHE September / October 2024

Join the conversation shaping the future of healthcare.

Click below to read more!

More articles...

View all
Online Conference

Presenting

2024 Online Conferences

In partnership with our community of health sector leaders responsible for delivering the UK's health strategy across the NHS and the wider health sector, we’ve devised a collaborative calendar of conferences and events for industry leaders to listen, learn and collaborate through engaging and immersive conversation. 

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

National Health Executive Podcast

Listen to industry leaders on everything within healthcare

Whether it's the latest advancements in medical technology, healthcare policies, patient care innovations, or the challenges facing healthcare providers, we cover it all.

 

Join us as we engage with top healthcare professionals, industry leaders, and policy experts to bring you insightful conversations that matter.