NHS Announce Impact Of Ransomware WannaCry

Legal service firms are placing increased importance on cyber security measures in recent years. In part due to the huge scandals making national news like the NHS Ransomware attack of last year.

The NHS Public Accounts Committee has announced the total coast of the Ransomware attack, WannaCry and has found that at least £92 million of NHS funds were consumed through the attack.

The committee found that the reduced information forced services to considerably reduce in the week following the attack at a predicted cost of £19 million in rearranged operations, visits and appointments.

Roughly £500,000 was spent on IT support and £72 million worth of costs in two months after the initial attack.

Mollie MacDougall, Threat Intelligence Manager of The NHS Public Accounts Committee, said: “We recognise that at the time of the attack the focus would have been on patient care rather than working out what WannaCry was costing the NHS. However, an understanding of the financial impact on the NHS is also important to assess the seriousness of the attack and likely to be relevant to informing future investment decisions in cyber security.”

“Ransomware is still a very potent threat to organisations of all sizes and phishing has been a very viable delivery mechanism for ransomware attacks.”

“The NHS has increased infrastructure investment to £60m this year, but if that investment is focused solely on technology solutions, regular back-ups, anti-virus software and wider security technology, it will not be enough – as many phishing emails have the ability to bypass these technologies and land in a user’s inbox.

“By training and conditioning employees to recognise and report suspicious emails, organisations have a much better chance of stopping active attacks in progress instead of relying on technology alone to do so.

“The healthcare industry is at high risk for cyber threats and especially ransomware attacks, as interrupted access to their systems can have dangerous and even life-threatening consequences for patients.”

When a ‘relatively unsophisticated’ attack can cost almost £100 million, it is clear how important it actually is to secure a firm’s cyber security.

Additionally, in the age of price and service transparency when a firm’s reputation is so important, ensuring your firm retains its credibility by avoiding the reputational repercussions of cyber attacks is essential.

Neil Prevett, Technology Director at regional mid-size firm Gardner Leader, said: “The commercial advantage is probably the avoidance of bad publicity due to a breach. Like most technology projects, most work is done behind the scenes and is unseen by staff and clients. Our main role as cyber security experts is to ensure a solid, reliable and secure system that is fit for purpose and delivers what is required.”

Is your firm aware of the potential reputational damage that a serious cyber attack could have? Are you prepared for potential losses if a cyber attack is successful? Do you adequately train your staff to avoid simple phishing scams?