NHS is still assessing the cost of WannaCry one year later

The UK’s Department of Health and Social Care provided an update on the efforts to secure the NHS IT infrastructure, with a focus on WannaCry overall costs.

The UK’s Department of Health and Social Care provided an update on the spent to secure the IT infrastructure in a report titled “Securing cyber resilience in
health and care“. One year later the massive WannaCry ransomware attack the NHS is still facing problems caused by the infections.

WannaCry cost the NHS £92m, giving a look at the expense details we can observe item of £19m for lost output and an estimate of £73m of IT cost to fix affected assets.

According to the report, the attack directly impacted over 19,000 patients whose appointments were canceled due to the attack.

The estimate in the report considers the financial costs in two time periods:

during the attack between 12 and 18 May 2017;
during the recovery period in the immediate aftermath to June-July 2017;

The analysis focus on two categories of cost are:

Direct impact – lost output of patient care caused by reduced access to information and systems required for care leading to cancelled appointments etc.
Additional IT support provided by NHS organisations or IT consultants to restore data and systems affected by the attack.

“The WannaCry attack disrupted services across one-third of hospital trusts and around 8% of GP practices. This had a knock-on impact on patients with over 19,000 appointments cancelled.” reads the report.

“While this may only be a small proportion of overall NHS activity, it represents disruption to the care of a significant number of patients.”

The attack highlighted the inefficiency of the antiquated NHS IT systems, Microsoft was charged to update the entire infrastructure with a three-year deal of £150m deal.

The report includes a case study related a “large NHS mental health trust” that was protected with Advanced Threat Protection that allowed to repeal a phishing email attack with a weaponized excel spreadsheet attachment.

IBM was also hired by the NHS to deliver the new Cyber Security Operations Centre (CSOC) aimed at increasing the capability to monitor, detect and respond to
a variety of security risks and threats across the organization.

NHS signed a three-year strategic partnership with IBM (£30m) to improve NHS Digital’s Cyber Security Operations Centre (CSOC)

The goal is the compliance with the Cyber Essentials Plus standard in June 2021, as recommended in February’s lessons-learned report.

Currently, only 10 sites will “aim” to reach this goal next March.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – WannaCry, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.