NHS cyber attack

“The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
Amyas Morse, head of the National Audit Office, October 2017.

A man is typing at an old laptop. The desktop background on the screen is the classic windows background of rolling hills. However, over the top there’s a dark warning message. A black box has appeared and in a bright red robotic font the message “You have been hacked.” People’s personal information has a value, and that makes it attractive for criminals too. On Friday 12 May 2017, WannaCry was released across the world. The computer virus blocked users from accessing their computers, and those responsible for it demanded a ransom payment to unlock systems.

NHS England was heavily impacted by the virus, with the National Audit Office finding at least 34% of trusts in England were disrupted. Between 12 and 18 May 2017, an estimated 19,000-plus appointments were cancelled and, in five areas of the country, patients had to travel further afield to access A&E departments. Following the attack, NHS Digital found that all organisations affected by the computer virus had the same weaknesses in their systems. They could have taken simple steps to protect themselves from attack and keep the personal information they held secure.