Nearly 600 practices were affected by NHS cyber attack

Some 595 practices were affected by the WannaCry cyber attack that hit the NHS in May this year, an investigation by the National Audit Office (NAO) has found.

WannaCry was the largest cyber attack to affect the NHS and it led to disruption in at least 34% of trusts in England, the auditor said. It added that the DH and NHS England still do not know the full extent of the disruption because they do not know how many NHS organisations could not access records or receive information because they shared data or systems with an infected trust.

Between 12 and 18 May 2017, 6,912 appointments had been cancelled and NHS England estimated that more than 19,000 appointments would have been cancelled in total as a result of the attack.

However, neither the DH nor NHS England know how many GP appointments were cancelled or how many ambulances and patients were diverted from the five A&E departments that were unable to treat some patients, the report said.

All of the organisations infected with WannaCry had unpatched or unsupported Windows operating systems that were susceptible to the ransomware, the report added.

Many GP practices worked through the weekend to restore compuer systems and install IT patches following the attack. Some practices also faced significant backlogs of work caused by the shutdown.

Cyber attack risk

The NAO said that the DH was warned about the risks of cyber attacks on the NHS a year before WannaCry.

The DH and Cabinet Office had written to trusts in 2014, saying it was essential they had ‘robust plans’ to migrate away from old software, such as Windows XP, by April 2015. NHS Digital had also issued critical alerts warning organisations to patch their systems to prevent WannaCry in March and April 2017.

‘However, [before the attack] there was no formal mechanism for assessing whether NHS organisations had complied with its advice and guidance,’ the NAO report said. ‘Prior to the attack, NHS Digital had conducted an on-site cyber-security assessment for 88 out of 236 trusts, and none had passed.’

The NAO said that the DH and NHS national bodies were taking steps to improve cyber security in the health service, including developing a response plan for how the NHS would cope with a future cyber attack and ensuring all organisations implement critical CareCERT alerts from NHS Digital, which relate to IT security.

Have you registered with us yet?

Register now to enjoy more articles and free email bulletins

Register

Already registered?

Sign in

Follow Us:

Just published

Relaxed COVID-19 rules could open door to vaccine-evading variants, say experts

Relaxed COVID-19 rules could open door to vaccine-evading variants, say experts

High levels of COVID-19 after the relaxation of pandemic restrictions will increase...

Viewpoint: 'Hero' label must not stop doctors demanding fair pay and support

Viewpoint: 'Hero' label must not stop doctors demanding fair pay and support

Calling NHS staff 'heroes' reflected the personal risk and sacrifices they took on...

UK COVID-19 vaccination programme tracker

UK COVID-19 vaccination programme tracker

GPs across the UK are playing a leading role in the largest-ever NHS vaccination...

Tributes as GP and 'staunch defender of the NHS' Dr Kailash Chand dies

Tributes as GP and 'staunch defender of the NHS' Dr Kailash Chand dies

Tributes have poured in for long-serving Manchester GP, BMA vice president and NHS...

Unfunded 3% pay rise could add £20,000 to average GP practice wage bill

Unfunded 3% pay rise could add £20,000 to average GP practice wage bill

GP practices in England could see their wage bill rise by £20,000 on average after...

Pandemic driving surge in burnout among trainee doctors and educators, GMC poll shows

Pandemic driving surge in burnout among trainee doctors and educators, GMC poll shows

One in three trainee doctors and a fifth of trainers feel burned out to a 'high'...