The WannaCry attack in May 2017 disrupted services across one third of hospital trusts and around 8% of GP practices leading to more than 19,000 cancelled appointments, according to the Department of Health and Social Care report.
DHSC’s 11 October report estimated that 1% of care was disrupted over a one-week period, which translated to £19m of lost output.
Additional resources used for IT specialists during the attack cost an additional £0.5m but in the aftermath DHSC spent £72m on IT specialist work, the department calculated.
DHSC stressed that the £92m figure was estimate and said it was “not possible” to estimate with certainty the financial impact.
After the attack, the Public Accounts Committee warned that the NHS still has “a long way to go” to be sufficiently prepared for another cyber attack.
The PAC report also concluded that the NHS was “lucky” that the attack occurred on a Friday in summer – a relatively quiet period for the NHS.
In September, a poll of audit professionals across Europe found that cybersecurity was the biggest perceived organisational risk for 2019.
