WannaCry—a year on

The disruption from last year’s WannaCry malware attack affected 60 NHS trusts, 595 general practices, and thousands of patients.1 The costs of the cybersecurity incident are not known. Worryingly, all 200 NHS hospitals inspected by the Care Quality Commission since the attack have fallen short of the UK government’s Cyber Essentials Plus certification, a basic set of minimum organisational security standards.23

This sobering finding not only highlights the poor security and resilience in the NHS but also suggests that little real progress has been made in the past year. As we continue to rely evermore on technology, effective cybersecurity should be a fundamental part of the healthcare culture. Any breach, loss, or corruption of patient data can paralyse a hospital, harm individuals, and erode patients’ trust in healthcare systems that are regularly under threat as they are a rich source of data and present a soft target.45 The sophistication of cyberattacks continues to evolve, from amateur hackers or accidental compromise to complex state sponsored attacks. The risk is greater than ever.