The 2017 WannaCry cyber-attack cost NHS hospitals in England almost £6 million, according to a new analysis from Imperial College London.
Hospitals directly affected by the computer virus had to cancel 13,500 outpatient appointments, including 139 for patients with suspected cancer, amounting to millions lost through reduced activity and potentially delaying critical care. This is despite the virus being thwarted within just 12 hours, according to the research.
This is the first robust, comprehensive analysis of the impact of the cyber-attack on the NHS. The analysis shows that hospitals directly infected with the ransomware had a 6 per cent decrease in total admissions per infected hospital per day. Published this week in Nature Digital Medicine, the study concludes that WannaCry cost hospitals in England £5.9 million.
WannaCry was a global ransomware attack that occurred across multiple continents and organisations on Friday 12th May 2017, locking users out of infected computers and holding their data for ransom. More than 600 NHS organisations were affected, including 34 directly affected hospitals.
Commenting on the finding, study co-author Professor the Lord Ara Darzi, said: “This analysis demonstrates the devastation to health systems that cyber-attacks can cause, and yet these figures still do not paint the full picture of the impact on care delivered."
The authors say that although there has been considerable investment in NHS cybersecurity since the attack, there also needs to be an increase in IT budgets to ensure that current systems can be sustained securely and that healthcare systems are resilient in the face of attack.