Use the links below to access our reports, or scroll down to use the search function to explore all of our publications including peer-reviewed papers and briefing papers.

Browse all publications

Citation

BibTex format

@article{Ghafur:2019:10.1038/s41746-019-0161-6,
author = {Ghafur, S and Kristensen, S and honeyford, K and Martin, G and Darzi, A and Aylin, P},
doi = {10.1038/s41746-019-0161-6},
journal = {npj Digital Medicine},
title = {A retrospective impact analysis of the WannaCry cyber-attack on the NHS},
url = {http://dx.doi.org/10.1038/s41746-019-0161-6},
volume = {2},
year = {2019}
}

RIS format (EndNote, RefMan)

TY  - JOUR
AB - A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were: outpatient appointments cancelled, elective and emergency admissions to hospitals, Accident & Emergency (A&E) attendances, and deaths in A&E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was £5.9m including £4m in lost inpatient admissions, £0.6m from lost A&E activity, and £1.3m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to £5.9m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a a cyber attack or IT failure on care delivery and patient safety.
AU - Ghafur,S
AU - Kristensen,S
AU - honeyford,K
AU - Martin,G
AU - Darzi,A
AU - Aylin,P
DO - 10.1038/s41746-019-0161-6
PY - 2019///
SN - 2398-6352
TI - A retrospective impact analysis of the WannaCry cyber-attack on the NHS
T2 - npj Digital Medicine
UR - http://dx.doi.org/10.1038/s41746-019-0161-6
UR - http://hdl.handle.net/10044/1/72756
VL - 2
ER -