Nearly 600 practices were affected by NHS cyber attack

Some 595 practices were affected by the WannaCry cyber attack that hit the NHS in May this year, an investigation by the National Audit Office (NAO) has found.

WannaCry was the largest cyber attack to affect the NHS and it led to disruption in at least 34% of trusts in England, the auditor said. It added that the DH and NHS England still do not know the full extent of the disruption because they do not know how many NHS organisations could not access records or receive information because they shared data or systems with an infected trust.

Between 12 and 18 May 2017, 6,912 appointments had been cancelled and NHS England estimated that more than 19,000 appointments would have been cancelled in total as a result of the attack.

However, neither the DH nor NHS England know how many GP appointments were cancelled or how many ambulances and patients were diverted from the five A&E departments that were unable to treat some patients, the report said.

All of the organisations infected with WannaCry had unpatched or unsupported Windows operating systems that were susceptible to the ransomware, the report added.

Many GP practices worked through the weekend to restore compuer systems and install IT patches following the attack. Some practices also faced significant backlogs of work caused by the shutdown.

Cyber attack risk

The NAO said that the DH was warned about the risks of cyber attacks on the NHS a year before WannaCry.

The DH and Cabinet Office had written to trusts in 2014, saying it was essential they had ‘robust plans’ to migrate away from old software, such as Windows XP, by April 2015. NHS Digital had also issued critical alerts warning organisations to patch their systems to prevent WannaCry in March and April 2017.

‘However, [before the attack] there was no formal mechanism for assessing whether NHS organisations had complied with its advice and guidance,’ the NAO report said. ‘Prior to the attack, NHS Digital had conducted an on-site cyber-security assessment for 88 out of 236 trusts, and none had passed.’

The NAO said that the DH and NHS national bodies were taking steps to improve cyber security in the health service, including developing a response plan for how the NHS would cope with a future cyber attack and ensuring all organisations implement critical CareCERT alerts from NHS Digital, which relate to IT security.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins


Already registered?

Sign in

Follow Us:

Just published

Medical examiners to scrutinise deaths in community settings

The MDU's Dr Kathryn Leask explains how the expansion of the medical examiner system...

Person receiving a COVID-19 booster

COVID-19 booster campaign to start on 5 September, NHS England says

The COVID-19 booster programme will begin in care homes and for housebound patients...

GP consulting room

Nine in ten GPs fear their practice will struggle to cope this winter

Nearly nine in ten GPs fear that their practice will struggle to cope this winter,...

BMA sign

BMA elects new deputy chair of England GP committee and chair of Scottish council

Dr David Wrigley has been elected as new deputy chair of the BMA's GP committee in...

UK money

Almost half of practices say income from private fees has fallen in past year

Almost half of GP practices have seen their income from private and professional...

COVID-19 vaccination centre

BMA raises 'serious concerns' about GP workload and funding for autumn COVID boosters

The BMA has raised 'serious concerns' about the workload implications of this autumn's...