More than 60 NHS trusts affected by ransomware attacks since 2014

Share on Social


At the beginning of 2020, it was revealed that 65 NHS trusts have suffered a ‘successful’ ransomware attack since 2014.

The research, which was compiled by Comparitech, found that 34% of NHS trusts had been affected. The statistics show that the intrusion caused a shocking 4943 hours (or 206 days) of downtime – none of the trusts involved paid the ransom.

NHS ransomware attacks

In total, 48% of the attacks accounted for by Comparitech took place in 2017.

It is no surprise that the NHS saw a spike in ransomware attacks in 2017 due to the WannaCry attack in May of that year. Comparitech revealed that the average attack caused up to 25 hours of downtime, with one trust powering down its systems for 48 hours.


WannaCry was a global cyber epidemic, and the NHS was one of the worst-affected organisations targeted. According to the National Audit Office:

“NHS England identified 6912 appointments that had been cancelled and estimated over 19,000 appointments would have been cancelled in total.”

The hackers took advantage of basic cyber security flaws and used ransomware to infect computers operating Microsoft Windows. This caused many NHS trusts’ files to be ‘held hostage’, with a Bitcoin ransom demanded for their return – causing major disruption throughout the organisations affected.

Health Online has stated that:

“The majority of NHS trusts were unable to place an accurate cost on the amount of downtime caused. The Department of Health and Social Care previously estimated that WannaCry cost the NHS £19 million in lost output, with a further £0.5 million earmarked for IT costs.”

On top of the costs mentioned above, an additional £72 million was spent to restore systems and data affected during the attack. This puts the total cost of WannaCry at almost £92 million.

Protecting your organisation from ransomware

The report released by the NAO post-WannaCry warns that “there are more sophisticated cyber threats out there” and that the attack “could have been prevented by the NHS following basic IT security best practice.”

Basic cyber security measures could save your organisation time and money as a cyber attack can be extremely costly.

Cyber Essentials Online enables organisations to be certified independently for having met a good practice standard in cyber security; it also protects businesses from around 80% of cyber attacks as simple security controls must be set in place for certification.

To learn more about our cyber security checklist, speak to a member of our cyber security team.

Contact us