Your browser is no longer supported

For the best possible experience using our website we recommend you upgrade to a newer version or another browser.

Your browser appears to have cookies disabled. For the best experience of this website, please enable cookies in your browser

We'll assume we have your consent to use cookies, for example so you won't need to log in each time you visit our site.
Learn more

What happened when the NHS was affected by the WannaCry ransomware attack?

  • 1 Comment

You are all likely to have heard on the news about –  or were affected at work by – the WannaCry cyber-attack that affected organisations across the world, including the NHS. 

anne cooper nhs digital

But what happened and what can you do to reduce the chances of it happening again?

The WannaCry cyber-attack in May affected around 150 countries and, while not directed at the NHS, affected some NHS devices. In the UK, 47 NHS organisations were affected and many GPs switched their systems off following advice from their local clinical commissioning groups (CCGs). This resulted in many patients being unable to access healthcare when they needed to, as some records and appointment systems, as well as medical equipment, were not available. 

A relatively small number of organisations in the NHS were infected by the WannaCry ransomware but news of the cyber-attack had a wider impact as other trusts and CCGs closed down their systems as a precaution. 

To resolve the issue, affected organisations – whether they were trusts or GP surgeries – were asked to apply a ‘patch’ and to follow advice and guidance issued by NHS Digital.

These ‘patches’ are pieces of software designed to update a computer program, or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs.

All NHS organisations had been offered the patch earlier in the year before the WannaCry cyber-attack, but many had not applied it, leaving themselves vulnerable.

While NHS organisations should have good cyber security measures in place, no system is completely impenetrable, as seen by high-profile attacks on major global companies.

Doctors, nurses and staff across the system worked incredibly hard on 12 May when the WannaCry ransomware attack first hit, and throughout the following week, to keep services running as best they could. They then worked admirably to get everything back to normal as swiftly as possible once the problems were resolved.

Across healthcare, we all need to work collaboratively and learn from the events of 12 May. One of those lessons is that better data security on everyone’s part will greatly help to make the NHS more resilient and to prepare for a future cyber-attack.

“We will continue to provide support to people across all disciplines in health and care so that they know to remain vigilant”

NHS Digital created the Data Security Centre to support staff and to ensure we keep patient data safe and secure. We will continue to provide support to people across all disciplines in healthcare so that they know to remain vigilant; how to mitigate against further cyber-attacks; and to make sure that if there is one, they know what to do and where to go for advice and support.

Data security is something every individual member of staff has responsibility for – it is not just a technology issue or just something the ICT team has responsibility for. Data security is the responsibility of everyone across health and care.

As examples to think of - you wouldn’t leave your front door unlocked, but not having a secure password on your computer or sharing login credentials is the cyber equivalent to doing just that. Nor would you leave your engine running when nipping into the bank – but again, leaving your desk without locking your screen is the cyber equivalent. It risks data being either intentionally or unintentionally accessed by people who shouldn’t be seeing it.

We are all responsible for taking the basic and sensible steps to keep digital information safe.

Here are some top tips that you can follow:

  • Always use unique, strong passwords for your work accounts. Always change them immediately, and report it, if you think they may have been compromised or you notice anything else suspicious;
  • Never open a link or document sent from an unknown party;
  • Your computer and devices will regularly alert you to new important security updates being available. These protect you from outside attacks – don’t ignore them or put them off;
  • Always lock your computer screen by pressing the ‘Ctrl’, ‘Alt’ and ‘Delete’ buttons together whenever you’re moving away from your desk – even if you’re only going to be leaving your computer unattended briefly.

Anne Cooper is chief nurse at NHS Digital

  • 1 Comment

Readers' comments (1)

  • My password is *************
    That got your attention?
    How many of you read the above tips and decided this is what you should do but this is boring and you have better things to do.
    Just think what would happen if you didn't follow these tips...
    Do you deal with patient's information?


    Now about patching...
    Now this may shock you but Microsoft and all the other computer companies release patches to make your lives easier. Yes its frustrating to make time available when you cannot do your work so your servers can be patched. Microsoft releases patches every few months to protect against viruses and to plug security holes and resolve bugs.

    The servers where I work are patched approx. monthly. No exceptions.

    Not applying patches?
    "All NHS organisations had been offered the patch earlier in the year before the WannaCry cyber-attack, but many had not applied it, leaving themselves vulnerable"

    Wonder how many patients and doctors and nurses suffered because of this? If I was in charge I would force the NHS to patch. Yes force them.
    And my password actually is ******************

    Unsuitable or offensive? Report this comment

Have your say

You must sign in to make a comment

Please remember that the submission of any material is governed by our Terms and Conditions and by submitting material you confirm your agreement to these Terms and Conditions. Links may be included in your comments but HTML is not permitted.

Related Jobs