WannaCry emergency measures cost central NHS agencies £180,000
- 19 July 2017
The emergency measures put in place over WannaCry has cost NHS Digital and NHS England £180,000, revealed a member of parliament.
Jackie Doyle-Price, MP for Thurrock, responded to a written question on 27 June saying the emergency measures put in place over the May cyber-attack cut into the agencies internal budgets.
The global WannaCry cyber-attack hit the NHS in May and exploited a known Microsoft vulnerability.
“The identifiable cost of emergency measures put in place to specifically address the NHS ransomware attack on 12 May 2017 was approximately £180,000”, Doyle-Price wrote.
“Information relating to any expenditure incurred by individual local NHS trusts or other NHS organisations is not collected centrally.”
First reported on Health IT Central, the details emerged as an answer to a cybersecurity question posed by Jonathan Ashworth, MP for Leicester South.
A Digital Health News investigation carried out in late May found that while most trusts could not disclose direct financial implications as a result of the cyber-attack, a source at one of the trusts indicated it will exceed £1 million.
While the cost question was refused, freedom of information request to the severely affected acute trust, Southport and Ormskirk NHS Trust, found that 3,089 patients were affected by the cyber-attack.
HSJ reported in July that the ransomware attack has led to the cancellation of at least 14,778 patient appointments and 850 operations across the NHS.
The centre’s response to the cyber-attack was also revealed through the government’s long-awaited response to Dame Fiona Caldicott’s data security review.
Published 12 July, the report says that there will be an additional £21 million of capital funds investment to strengthen cyber-protection, initially of major trauma sites. This will be in addition to the £50 million fund already promised for NHS cybersecurity.
Will Smart, NHS England chief information officer, will also publish a review into the cyber-attacks October 2017.