A retrospective impact analysis of the WannaCry cyberattack on the NHS

S Ghafur*, S Kristensen, K Honeyford, G Martin, A Darzi, P Aylin

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

1 Downloads (Pure)

Abstract

A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.

Original languageEnglish
Article number98
JournalNPJ digital medicine
Volume2
Number of pages7
ISSN2398-6352
DOIs
Publication statusPublished - 2019
Externally publishedYes

Fingerprint

National Health Programs
Emergencies
Outpatients
Patient Harm
Patient Safety
Accidents
Inpatients

Cite this

Ghafur, S ; Kristensen, S ; Honeyford, K ; Martin, G ; Darzi, A ; Aylin, P. / A retrospective impact analysis of the WannaCry cyberattack on the NHS. In: NPJ digital medicine. 2019 ; Vol. 2.
@article{35ce4198451d45fe85f94024ddb204ea,
title = "A retrospective impact analysis of the WannaCry cyberattack on the NHS",
abstract = "A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1{\%} more emergency admissions and 1{\%} fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6{\%} in total admissions per infected hospital per day was observed, with 4{\%} fewer emergency admissions and 9{\%} fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.",
author = "S Ghafur and S Kristensen and K Honeyford and G Martin and A Darzi and P Aylin",
note = "{\circledC} The Author(s) 2019.",
year = "2019",
doi = "10.1038/s41746-019-0161-6",
language = "English",
volume = "2",
journal = "NPJ digital medicine",
issn = "2398-6352",

}

A retrospective impact analysis of the WannaCry cyberattack on the NHS. / Ghafur, S; Kristensen, S; Honeyford, K; Martin, G; Darzi, A; Aylin, P.

In: NPJ digital medicine, Vol. 2, 98, 2019.

Research output: Contribution to journalJournal articleResearchpeer-review

TY - JOUR

T1 - A retrospective impact analysis of the WannaCry cyberattack on the NHS

AU - Ghafur, S

AU - Kristensen, S

AU - Honeyford, K

AU - Martin, G

AU - Darzi, A

AU - Aylin, P

N1 - © The Author(s) 2019.

PY - 2019

Y1 - 2019

N2 - A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.

AB - A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9 m including £4 m in lost inpatient admissions, £0.6 m from lost A&E activity, and £1.3 m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9 m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.

U2 - 10.1038/s41746-019-0161-6

DO - 10.1038/s41746-019-0161-6

M3 - Journal article

C2 - 31602404

VL - 2

JO - NPJ digital medicine

JF - NPJ digital medicine

SN - 2398-6352

M1 - 98

ER -