NHS Response to the Nation-wide Cyber Attack

May 2017 saw a wide-scale cyber attack launched on the NHS, it is known to be the ‘biggest ransomware offensive in history’ by Europol, the EU’s law enforcement agency. 161 health service organisations were attacked by the malware, with 40 hospitals going completely offline and 24 trusts had no access to their IT system. The ransomware also affected more than 80 countries globally, such as Taiwan and Russia. At present, the NATIONAL Cyber Security centre and the National Crime Agency are conducting a criminal investigation into the causes of the cyber attack.

cyber attack

The ransomware, named ‘WannaCry’ was spread by hackers through phishing emails. It is sent through emails and infects a computer once the email and its attachments have been opened by the recipient, consequently releasing malware onto the IT system.

The ransomware prohibited recipient access to files, demanding bitcoin payment before they would be released.

WannaCry’s ability to hack systems in this manner was down to a flaw in Microsoft office, known as the ETERNALBLUE exploit. The hackers, known as the ShadowBrokers (TSB) created WannaCry through combining ETERNALBLUE with a self-replicating virus, allowing for the spread of the malware throughout the NH’S IT systems. Though the ETERNALBLUE flaw was subsequently fixed by Microsoft through a security patch, those who had not updated their systems were affected.


This cyber attack led to widespread delay of healthcare services – many appointments and surgeries were cancelled, with patient records and documents inaccessible. Cyber security experts deem this consequence as a situation ‘where bits and bytes meet flesh and blood’ – essentially where a cyber attack can result in physical harm. Though little long-term damage was done and services resumed rapidly after the disruption, the attack represents the need to for resilient and effective cyber security protection.

An NHS IT worker managed to curb the spread of this attack by utilising a ‘kill switch’ which destroyed every infection that had infected the NHS command and control server. Though successful, whether this is enough to protect from more aggressive mutations of the ransomware is hotly debated.


To prevent such an attack in the future, there must be investment in cyber security education, new and updated IT systems and a higher level of networking security. A recent NHS Improvement committee has considered such proposals as the potential way forward. Further, better ways of communicating in the midst of such a crisis must be explored – in the wake of the attack communication via email was not possible and central messages did not reach all desired recipients, creating a further obstacle. Other ways of cascading messages must be explored in the future, one possible way is through Whatsapp communication which has already been utilised by multiple regional offices, commissioners and health providers.

The possibility for NHS improvement to assess individual Trusts cyber-security is also currently being considered.

Leave a Reply


Be sure to include your first and last name.

If you don't have one, no problem! Just leave this blank.