Last year’s WannaCry cyberattack left the NHS facing a bill of nearly £100m, it has revealed.
The May 2017 attack cost the NHS around £92m, according to figures from the Department of Health and Social Care. However it added that this was only an estimate as obtaining the real costs would “impose a disproportionate financial burden on the system”.
WannaCry hit computer systems across the NHS, leaving services severely disrupted and meaning thousands of appointments cancelled.
WannaCry security bill
The costs included an initial £500,000 spent on IT support during the attack itself, although this figure is dwarfed by the £72m spent on such support in the two months immediately following the attack.
A further £19m cost was incurred in the week following the attack due to lost output of patient care caused by reduced access to information and the necessary systems.
“We recognise that at the time of the attack the focus would have been on patient care rather than working out what WannaCry was costing the NHS,” the NHS public accounts committee said in a statement.
“However, an understanding of the financial impact on the NHS is also important to assess the seriousness of the attack and likely to be relevant to informing future investment decisions in cyber security.”
The news comes days after the NHS’s IT governing body said it would not be investing in cybersecurity protection as it does not represent value for money.
NHS Digital is ignoring the recommendations laid out in a government-sanctioned report authored by its own CIO due to the costs being too high. Will Smart’s proposals, coming after a review commissioned by the government back in February, would set NHS Digital back between £800 million and £1 billion.
- The best antivirus to download in 2018