WannaCry cyber attack lost the East and North Herts NHS Trust £700,000
PUBLISHED: 15:19 28 December 2017 | UPDATED: 15:19 28 December 2017
The global cyber attack earlier this year which crippled the NHS cost the East and North Herts NHS Trust £700,000, with a national investigation concluding that the attack “could have been prevented by the NHS following basic IT security”.
On May 12, computer hackers released worldwide the virus WannaCry, which encrypts data on infected computers and demands a ransom payment to allow users access.
The East and North Herts NHS Trust, which runs Stevenage’s Lister Hospital, was one of more than 80 NHS Trusts in England to be infected by WannaCry, as well as 595 GP practices.
Lister’s A&E was one of five emergency departments unable to treat some patients due to the cyber attack, forcing ambulances to divert to other hospitals.
The Trust disabled its phone and computer systems in a bid to fend off the attack and declared a major internal incident.
The cyber attack could have caused more disruption if it had not been stopped by a cyber researcher activating a ‘kill switch’ so WannaCry stopped locking devices.
Between May 12 and 17, because of the cyber attack, the Trust postponed 154 elective procedures and 768 outpatient procedures – of which over 50 per cent were for retinal screening.
A Trust spokesman said: “In terms of the financial impact on the Trust, this was driven principally by emergency patients being treated at other NHS hospitals less affected by the cyber attack during this period. This equated to some £400,000 of income not received by the Trust. The loss of planned activity – outpatient appointments and planned operations – equated to a further £300,000.”
An investigation by the National Audit Office found all organisations infected shared the same vulnerability. They had unpatched or unsupported Windows operating systems, so were susceptible to the ransomware.
Amyas Morse, head of the NAO, said: “The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients.
“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.
“There are more sophisticated cyber threats our there than WannaCry so the department and the NHS need to get their act together to ensure the NHS is better protected.”