The Department of Health and Social Care has estimated that the WannaCry ransomware attack, which disrupted more than 80 trusts and hundreds of GP practices last year, cost £92 million. The cost is associated with the loss of output and IT costs during the attack (£20 million) and IT costs in the aftermath of the attack (£72 million). In the same publication, the Department also details the work and investment that have gone towards securing local infrastructure, reducing potential vulnerabilities and increasing NHS organisations’ cyber resilience.
The Department’s report comes at around the same time that NHS Digital announces it opposes adopting a recommendation made by Will Smart, the NHS chief information officer, who suggested requiring all NHS organisations to achieve Cyber Essentials Plus certification by June 2021.
In a February report, Smart stated that Cyber Essentials Plus should be the “minimum bar that all health and social care organisations must meet”. However, NHS Digital states in documents recently released under the Freedom of Information Act that “While NHSD believes using the CE+ [Cyber Essentials Plus] as a benchmark is useful, getting all providers to accreditation would not be value for money.” It is estimated that meeting this standard would cost the NHS between £800 million and £1 billion.