WannaCry
Cyber Security
cyber attack

Author: National Health Executive

Published: October 12th 2018

WannaCry cyber-attack cost the NHS £92m after 19,000 appointments were cancelled

A report into cyber security of the health and care sector has revealed that the WannaCry ransomware attack cost the NHS a total of £92m through services lost during the attack and IT costs in the aftermath.

In the Department of Health and Social Care’s (DHSC) report, it says that it estimates around £20m was lost during the attack mainly due to lost output, followed by a further £72m from the IT support to restore data and systems.

The May 2017 cyber-attack severely disrupted more than 80 hospital trusts and 8% of GP practices after a type of malware called ransomware was used to lock down hospitals in England.

According to the report, this led to 19,000 appointments being cancelled across the one-week period of the attack, with an estimated 1% of all NHS care disrupted.

The report said: “While this may only be a small proportion of overall NHS activity, it represents disruption to the care of a significant number of patients.”

The ransomware worked by causing 200,000 computers to lock out users with red-lettered error messages demanding Bitcoin, and has since been blamed on elite North Korean hackers.

The £92m cost is a rough estimate of the total cost of WannaCry as no data was collected on the costs of recovering IT systems or the extent of patience disruption.

The report acts as an update to the DHSC’s cyber resilience report from February, reviewing the actions taken by the department and its arm’s-length bodies to improve cyber security following the attack last year.

Since February, the DHSC say they have increased investment in local infrastructure in 2017-18 to over £60m and agreed £150m of investment over the next three years.

They have also procured a new Cyber Security Operations Centre and agreed on plans to implement the recommendations from the review of the WannaCry attack, as well as estimating the costs of the cyberattack.

Also back in February, NHS Digital revealed that none of the 200 trusts tested for cyber security vulnerabilities passed inspection, raising fears over the NHS’s vulnerability to another cyber-attack similar to WannaCry.

The DHSC were warned about the risks of cyber-attacks to the NHS a year before WannaCry, but was criticised for responding too slowly and not doing enough to prevent cyber-attacks.

Image credit - tzahiV

NHE Nov/Dec 2023

AI is key in helping dementia patients live independently for longer.

The Nov/Dec 2023 edition of NHE brings you expert comment and analysis on a range of key health sector topics, from digital transformation to navigating post-pandemic challenges.

Read Now

National Health Executive Presents

NHE365 Virtual Events

NHE has created a full calendar of events to address the most important issues that influence the delivery of healthcare services. Over 365 days you'll have the opportunity to hear from a range of highly motivating, informative and inspirational speakers. These speakers will equip you with the knowledge and unique insight to enable you to overcome the challenges that you face.

National Health Executive Podcast

Ep 39.
What makes a good NHS manager? with Anthony Painter, Director of Policy at Chartered Management Institute (CMI)

In episode 39 of the National Health Executive podcast, we were joined by Anthony Painter, who is the director of policy at the Chartered Management Institute (CMI), to discuss all things management within the UK health sector and NHS.

During the podcast, Anthony shared some of the recent research CMI conducted in partnership with the Social Market Foundation, which centred around the state of management and leadership within the NHS.

Listen Now