WannaCry NHS cyber attack cost health service nearly £100million

0
Have your say

The WannaCry cyber attack cost the NHS an estimated £92 million, the Department of Health and Social Care (DHSC) has revealed.

The breach in May last year, which affected computers worldwide, disrupted services and led to thousands of cancelled NHS appointments.

he Department of Health and Social Care (DHSC) has revealed that the WannaCry cyber attack cost the NHS an estimated 92 million. Picture: Dominic Lipinski/PA Wire

he Department of Health and Social Care (DHSC) has revealed that the WannaCry cyber attack cost the NHS an estimated 92 million. Picture: Dominic Lipinski/PA Wire

Following the cyber attack, Solent NHS Trust confirmed that 12 of its computers were infected by the ransomware.

Read More: North Korea’ behind cyber attacks on NHS trusts in Hampshire

However Portsmouth NHS Trust, which runs QS in Cosham, was not affected by the WannaCry attack. 

A report by the Public Accounts Committee, published in April, said the health service was ‘unprepared’ for the attack, adding that it was ‘lucky’ the threat had been tackled quickly.

A new report, published by DHSC on Thursday, states services were disrupted in around one third of NHS trusts and 8% of GP practices due to the attack.

More than 19,000 appointments were cancelled, it said.

The report includes the first estimate by DHSC of the financial cost of the attack on the NHS.

Read More: Health trusts vow they are constantly ‘vigilant’ over cyber attack threat

Lost output of patient care caused by reduced access to information and the necessary systems cost the NHS an estimated £19 million between May 12 and May 18, it said.

The cost of IT support during the attack was approximately £500,000, while that provided in June and July following the attack was an estimated £72 million.

This includes support provided by NHS organisations and IT consultants to restore data and systems.

The DHSC warned the estimates could not be made with certainty, adding that accurately assessing costs would require collecting data from all affected organisations "which itself would impose a disproportionate financial burden on the system".

The WannaCry attack saw data on infected computers encrypted and issued users with a ransom demand to unlock their devices.

The Public Accounts Committee described the attack as ‘relatively unsophisticated’ and warned future breaches could be more sophisticated.

It also called on the national financial cost of the WannaCry attack on the NHS to be calculated in its report, published in April.

It said: ‘We recognise that at the time of the attack the focus would have been on patient care rather than working out what WannaCry was costing the NHS.

‘However, an understanding of the financial impact on the NHS is also important to assess the seriousness of the attack and likely to be relevant to informing future investment decisions in cyber security.’

The DHSC said it had agreed £150 million of investment in cyber security over the next three years.

It has also signed a new contract with Microsoft to enhance cyber security intelligence.