Skip to content ↓ | Skip to navigation ↓

An investigation into the 2017 WannaCry outbreak found that the ransomware affected 34% of National Health Service (NHS) trusts in England.

Following the May 2017 attack that struck more than 200,000 organizations in at least 100 countries, the UK government’s National Audit Office (NAO) launched an inquiry into the matter. Its purpose was to determine what effect WannaCry had on the NHS. The parliamentary body was especially interested in learning how the ransomware had affected patients’ data as well as how the Department of Health and the NHS national bodies had responded to the attack.

The investigation, which covered the events immediately before the attack and through the end of September, found that WannaCry was the largest digital attack ever to strike the NHS. 81 of the 236 trusts in England suffered disruption as a result of the outbreak. 603 primary care and other NHS organizations, including 595 GP practices, also reported infections.

Investigation: WannaCry cyber attack and the NHS page 17

Here are a few additional findings from the investigation:

  • NHS entities canceled 6,912 appointments as a result of the attack.
  • None of the victimized organizations subsequently paid the ransom demanded by the attackers.
  • The Department of Health does know the true cost of the disruption to NHS services, a figure which would include canceled appointments, IT support, and data recovery procedures.

Those involved with the investigation learned that the Department of Health had received warning in July 2016 that an attack against the NHS could compromise patient data. The DHS eventually released a formal response to that warning in July 2017. But at the time of the attack, the body had no formal mechanism to determine whether local organizations had robust plans to defend against digital threats.

Amyas Morse, head of the National Audit Office, hopes these findings lead to a greater focus on IT security in the future. As quoted in a press release:

“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

In the aftermath of the outbreak, the Department of Health has developed a digital attack response plan for local and national organizations. It and the NHS have also articulated their commitment to helping local organizations implement software patches on a timely basis and facilitating essential communications when systems are down.

You can read the full report released by the NAO here.