Counting The Cost Of Cyber Attacks On The NHS

Photo of a man in an anonymous mask

On the 14th May 2021, Health IT services in the Republic of Ireland were the victim of a targeted cyber attack. The ransomware attack caused all of their IT systems to be shut down as a precaution in order to protect vital data. Two days later they were still working on ways of bringing things back online.

This was another bleak reminder of the vulnerabilities that health services across the world face when being targeted by cyber criminals, who effectively lock out users until their financial demands have been met.


Back in 2017 the NHS was hit by the WannaCry attack. This was another organised ransomware attack which hit over 200,000 computers in 150 different countries and led to global costs of an estimated £6 billion.

On the 12th of May 2017 (almost exactly 4 years ahead of the Irish attack) the NHS found themselves affected due to the use of unpatched versions of Microsoft Windows 7. This lead to:

  • 80 NHS trusts, 603 primary care organisation including 595 GP practices being offline
  • 1,000s of appointments and operations being cancelled
  • Patients relocated from affected centres
  • Staff going back to having to use a pen and paper approach

More Expected

Whilst this was the last major attack the NHS faced it hasn’t been plain sailing since. Attacks linked to the COVID-19 pandemic have been a major headache recently. Between September 2019 and August 2020 there were 723 cyber security incidents recorded.

NHS Digital also flagged up that due to the increased amount of staff working from home during the pandemic and national lockdowns, that they have faced more email fraud threats as hackers attempt to impersonate members of staff in order to deceive people.

What Are The Potential Risks?

When health services are breached by a cyber attack it put them at risk of the following:

  • Loss of patient data e.g. patient notes, past blood results, X-Rays etc. This includes access to key data ahead of scheduled patient visits so it affects outpatients as well as inpatients.
  • Huge financial losses. The WannaCry incident alone cost the NHS £92 million.
  • Chaos as appointments are cancelled or deleted from the system which poses big risks for those who have their on-going treatments interrupted.
  • Pharmacies may be unable to process prescriptions leaving patients without access to necessary medicines.

Lessons Learned

But it’s not all bad news (despite the overall negative vibe of this week’s post – sorry!), so let’s end on a more positive note.

In the wake of the WannaCry attack the NHS have carried out a full review and put in place a series of measures to better prepare (and protect) themselves in the future, which include:

  • A new Cyber Security Operations Centre. Which will block over 20 million items of malicious activity each month.
  • A network of Cyber Associates with over 1,000 members in 700 NHS organisations.
  • A Data Security and Protection Toolkit (DSPT), which outlines national standards that all NHS and social care organisations should work towards.
  • Regional leads to support local delivery of cyber security.
  • Licences to enable all NHS Trusts to upgrade to Windows 10 and be able to access Microsoft’s Advanced Threat Protection (ATP). This helps protect 1.3 million devices across the NHS.
  • The launch of NHS Secure Boundary which is a solution that protects NHS organisations from the most sophisticated cyber threats

You can read more about the lessons learned from the WannaCry review here.

Find out more

We hope you found this article interesting and if you’d like to read similar articles please bookmark our site as we will be bringing you regular insight articles on the world of MedTech.

Contact us

Please use the form below to get in touch with us.

  • This field is for validation purposes and should be left unchanged.

Contact Information

UK Head Office
+44 (0)191 8090 272

Head Office:
8 Mosley Street
Newcastle Upon Tyne
View on Google Maps

Follow us on