WannaCry—a year on
BMJ 2018; 361 doi: https://doi.org/10.1136/bmj.k2381 (Published 04 June 2018) Cite this as: BMJ 2018;361:k2381- Guy Martin, clinical research fellow1,
- Saira Ghafur, senior policy fellow1,
- James Kinross, senior clinical lecturer1,
- Chris Hankin, professor2,
- Ara Darzi, professor1
- 1Institute of Global Health Innovation, Imperial College London, UK
- 2Institute for Security Science and Technology, Imperial College London, UK
- Correspondence to: G Martin guy.martin{at}imperial.ac.uk
The disruption from last year’s WannaCry malware attack affected 60 NHS trusts, 595 general practices, and thousands of patients.1 The costs of the cybersecurity incident are not known. Worryingly, all 200 NHS hospitals inspected by the Care Quality Commission since the attack have fallen short of the UK government’s Cyber Essentials Plus certification, a basic set of minimum organisational security standards.23
This sobering finding not only highlights the poor security and resilience in the NHS but also suggests that little real progress has been made in the past year. As we continue to rely evermore on technology, effective cybersecurity should be a fundamental part of the healthcare culture. Any breach, loss, or corruption of patient data can paralyse a hospital, harm individuals, and erode patients’ trust in healthcare systems that are regularly under threat as they are a rich source of data and present a soft target.45 The sophistication of cyberattacks continues to evolve, from amateur hackers or accidental compromise to complex state sponsored attacks. The risk is greater than ever.
Effect on patients
WannaCry was not targeted at the NHS but is now viewed as a warning shot. At a …
Log in
Log in using your username and password
Log in through your institution
Subscribe from £173 *
Subscribe and get access to all BMJ articles, and much more.
* For online subscription
Access this article for 1 day for:
£38 / $45 / €42 (excludes VAT)
You can download a PDF version for your personal record.