A retrospective impact analysis of the WannaCry cyberattack on the NHS

S Ghafur, S Kristensen, K Honeyford, G Martin, A Darzi, P Aylin

Publikation: Bidrag til tidsskriftTidsskriftartikelForskningpeer review

Resumé

A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.

OriginalsprogEngelsk
TidsskriftNPJ digital medicine
Vol/bind2
Sider (fra-til)98
ISSN2398-6352
DOI
StatusUdgivet - 2019

Fingeraftryk

National Health Programs
Emergencies
Outpatients
Patient Harm
Patient Safety
Accidents
Inpatients

Citer dette

Ghafur, S ; Kristensen, S ; Honeyford, K ; Martin, G ; Darzi, A ; Aylin, P. / A retrospective impact analysis of the WannaCry cyberattack on the NHS. I: NPJ digital medicine. 2019 ; Bind 2. s. 98.
@article{35ce4198451d45fe85f94024ddb204ea,
title = "A retrospective impact analysis of the WannaCry cyberattack on the NHS",
abstract = "A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1{\%} more emergency admissions and 1{\%} fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6{\%} in total admissions per infected hospital per day was observed, with 4{\%} fewer emergency admissions and 9{\%} fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.",
author = "S Ghafur and S Kristensen and K Honeyford and G Martin and A Darzi and P Aylin",
note = "{\circledC} The Author(s) 2019.",
year = "2019",
doi = "10.1038/s41746-019-0161-6",
language = "English",
volume = "2",
pages = "98",
journal = "NPJ digital medicine",
issn = "2398-6352",

}

A retrospective impact analysis of the WannaCry cyberattack on the NHS. / Ghafur, S; Kristensen, S; Honeyford, K; Martin, G; Darzi, A; Aylin, P.

I: NPJ digital medicine, Bind 2, 2019, s. 98.

Publikation: Bidrag til tidsskriftTidsskriftartikelForskningpeer review

TY - JOUR

T1 - A retrospective impact analysis of the WannaCry cyberattack on the NHS

AU - Ghafur, S

AU - Kristensen, S

AU - Honeyford, K

AU - Martin, G

AU - Darzi, A

AU - Aylin, P

N1 - © The Author(s) 2019.

PY - 2019

Y1 - 2019

N2 - A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.

AB - A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.

U2 - 10.1038/s41746-019-0161-6

DO - 10.1038/s41746-019-0161-6

M3 - Journal article

VL - 2

SP - 98

JO - NPJ digital medicine

JF - NPJ digital medicine

SN - 2398-6352

ER -