WannaCry cyber-attack

WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled

 

A report into cyber security of the health and care sector has revealed that the WannaCry ransomware attack cost the NHS a total of £92m through services lost during the attack and IT costs in the aftermath.

In the Department of Health and Social Care’s (DHSC) report, it says that it estimates around £20m was lost during the attack mainly due to lost output, followed by a further £72m from the IT support to restore data and systems.

The May 2017 cyber-attack severely disrupted more than 80 hospital trusts and 8% of GP practices after a type of malware called ransomware was used to lock down hospitals in England.

According to the report, this led to 19,000 appointments being cancelled across the one-week period of the attack, with an estimated 1% of all NHS care disrupted.

The report said: “While this may only be a small proportion of overall NHS activity, it represents disruption to the care of a significant number of patients.”

The ransomware worked by causing 200,000 computers to lock out users with red-lettered error messages demanding Bitcoin, and has since been blamed on elite North Korean hackers.

The £92m cost is a rough estimate of the total cost of WannaCry as no data was collected on the costs of recovering IT systems or the extent of patience disruption.

The report acts as an update to the DHSC’s cyber resilience report from February, reviewing the actions taken by the department and its arm’s-length bodies to improve cyber security following the attack last year.

Since February, the DHSC say they have increased investment in local infrastructure in 2017-18 to over £60m and agreed £150m of investment over the next three years.

They have also procured a new Cyber Security Operations Centre and agreed on plans to implement the recommendations from the review of the WannaCry attack, as well as estimating the costs of the cyberattack.

Also back in February, NHS Digital revealed that none of the 200 trusts tested for cyber security vulnerabilities passed inspection, raising fears over the NHS’s vulnerability to another cyber-attack similar to WannaCry.

The DHSC were warned about the risks of cyber-attacks to the NHS a year before WannaCry, but was criticised for responding too slowly and not doing enough to prevent cyber-attacks.

Image credit - tzahiV

NHE May/June 22

NHE May/June 22

Developing a high-quality NHS estate

The new edition of NHE’s e-magazine highlights the latest in cyber security, pharmaceuticals, NHS workforce, NHS Estates, driving innovation in procurement and more with articles from the likes of Brendan Griffin-Ryan, Senior Category Manager, Estates & Facilities, NHS SBS (pg79), West London NHS Trust and Health Education England.

Videos...

View all videos
National Health Executive Presents

National Health Executive Presents

NHE365 Virtual Events

NHE has created a full calendar of events to address the most important issues that influence the delivery of healthcare services. Over 365 days you'll have the opportunity to hear from a range of highly motivating, informative and inspirational speakers. These speakers will equip you with the knowledge and unique insight to enable you to overcome the challenges that you face.

Finger on the Pulse

Ep 14. Health messaging is a science, Professor Craig Jackson

On Episode 14 of NHE's Finger on the Pulse podcast, we're joined by Professor Craig Jackson, Professor of Occupational Health Psychology
Birmingham City University to discuss the coronavirus pandemic, the health messaging around it and how those in power have missed a trick by overlooking the key role of psychology in informing the public of restrictions, measures and the ever-changing situation

More articles...

View all