We need capital investment to deal with threat of cyber attack
27 October 2017
- National Audit Office publishes findings from an investigation into the WannaCry cyber attack and how it impacted the NHS in England
- Investigation concludes at least 34% of trusts in England were affected with thousands of operations cancelled
- We say the incident was a powerful reminder that we need significant capital investment to ensure we can deal with the threat of cyber crime
The National Audit Office (NAO) has published its findings of an investigation into the WannaCry cyber attack and the NHS in England.
Its investigation focused on the ransomware attack's impact on the NHS and its patients; why some parts of the NHS were affected; and how the Department and NHS national bodies responded to the attack.
Some of the findings include:
- the attack led to disruption in at least 34% of trusts in England;
- thousands of appointments and operations were cancelled and in five areas patients had to travel further to accident and emergency departments;
- the Department of Health had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level
Responding to the report by the National Audit Office (NAO) on the WannaCry cyber attack and the NHS, the director of development and operations at NHS Providers, Ben Clacy, said:
“This attack brought significant disruption to the NHS and many other organisations around the world. Further attacks are inevitable so it is important that lessons are learned. This report makes a useful contribution to that process.
“It rightly acknowledges the important contribution of NHS staff who worked overtime including over the weekend to stop or minimise the impact of the attack on patients.
This incident was a powerful reminder that we need significant capital investment to ensure we can deal with the threat of cyber crime in the future.
“A large majority of the affected trusts managed to carry on treating urgent and emergency patients through the weekend, and a few days after the attack only two were still diverting patients. That tells us a lot about the commitment, resilience and resourcefulness of staff working under difficult conditions.
“The NHS is taking steps at national and local level to prepare for the next attack. Part of this is to ensure that trusts apply software patches and keep anti-virus software up to date. And there are lessons too around communication, both within the NHS and with the wider public.
“And this incident was a powerful reminder that we need significant capital investment to ensure we can deal with the threat of cyber crime in the future.”