{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T15:35:00Z","timestamp":1774366500441,"version":"3.50.1"},"reference-count":20,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2019,10,2]],"date-time":"2019-10-02T00:00:00Z","timestamp":1569974400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2019,10,2]],"date-time":"2019-10-02T00:00:00Z","timestamp":1569974400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100001923","name":"DH | NIHR | Health Services Research Programme","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001923","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["npj Digit. Med."],"abstract":"<jats:title>Abstract<\/jats:title><jats:p>A systematic analysis of Hospital Episodes Statistics (HES) data was done to determine the effects of the 2017 WannaCry attack on the National Health Service (NHS) by identifying the missed appointments, deaths, and fiscal costs attributable to the ransomware attack. The main outcomes measured were<jats:bold>:<\/jats:bold> outpatient appointments cancelled, elective and emergency admissions to hospitals, accident and emergency (A&amp;E) attendances, and deaths in A&amp;E. Compared with the baseline, there was no significant difference in the total activity across all trusts during the week of the WannaCry attack. Trusts had 1% more emergency admissions and 1% fewer A&amp;E attendances per day during the WannaCry week compared with baseline. Hospitals directly infected with the ransomware, however, had significantly fewer emergency and elective admissions: a decrease of about 6% in total admissions per infected hospital per day was observed, with 4% fewer emergency admissions and 9% fewer elective admissions. No difference in mortality was noted. The total economic value of the lower activity at the infected trusts during this time was \u00a35.9\u2009m including \u00a34\u2009m in lost inpatient admissions, \u00a30.6\u2009m from lost A&amp;E activity, and \u00a31.3\u2009m from cancelled outpatient appointments. Among hospitals infected with WannaCry ransomware, there was a significant decrease in the number of attendances and admissions, which corresponded to \u00a35.9\u2009m in lost hospital activity. There was no increase in mortality reported, though this is a crude measure of patient harm. Further work is needed to appreciate the impact of a cyberattack or IT failure on care delivery and patient safety.<\/jats:p>","DOI":"10.1038\/s41746-019-0161-6","type":"journal-article","created":{"date-parts":[[2019,10,2]],"date-time":"2019-10-02T10:06:02Z","timestamp":1570010762000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":147,"title":["A retrospective impact analysis of the WannaCry cyberattack on the NHS"],"prefix":"10.1038","volume":"2","author":[{"given":"S.","family":"Ghafur","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6608-7132","authenticated-orcid":false,"given":"S.","family":"Kristensen","sequence":"additional","affiliation":[]},{"given":"K.","family":"Honeyford","sequence":"additional","affiliation":[]},{"given":"G.","family":"Martin","sequence":"additional","affiliation":[]},{"given":"A.","family":"Darzi","sequence":"additional","affiliation":[]},{"given":"P.","family":"Aylin","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,10,2]]},"reference":[{"key":"161_CR1","unstructured":"National Audit Office. Investigation: WannaCry cyber-attack and the NHS. https:\/\/www.nao.org.uk\/wp-content\/uploads\/2017\/10\/Investigation-WannaCry-cyber-attack-and-the-NHS.pdf (2017)."},{"key":"161_CR2","unstructured":"Smart, W. Lessons learned review of the WannaCry ransomware cyber attack. https:\/\/www.england.nhs.uk\/wp-content\/uploads\/2018\/02\/lessons-learned-review-WannaCry-ransomware-cyber-attack-cio-review.pdf (2018)."},{"key":"161_CR3","unstructured":"McGee, M. A new in-depth analysis of Anthem breach. https:\/\/www.bankinfosecurity.com\/new-in-depth-analysis-anthem-breach-a-9627 (2017)."},{"key":"161_CR4","unstructured":"Singapore personal data hack hits 1.5m, health authority says. https:\/\/www.bbc.co.uk\/news\/world-asia-44900507 (2018)."},{"key":"161_CR5","unstructured":"Gomez, J. & Konschak, C. Cyber-security in healthcare-understanding the new world threat. https:\/\/www.divurgent.com\/wp-content\/uploads\/2015\/03\/Cyber-Security-Healthcarepdf.pdf (2015)."},{"key":"161_CR6","unstructured":"Abelson, R. & Goldstein, M. Millions of Anthem customers targeted in cyberattack. https:\/\/www.nytimes.com\/2015\/02\/05\/business\/hackers-breached-data-of-millions-insurer-says.html (2015)."},{"key":"161_CR7","first-page":"k211","volume":"361","author":"G Iacobucci","year":"2018","unstructured":"Iacobucci, G. NHS waiting times: number of patients waiting 18 weeks for treatment rises sharply. BMJ 361, k211 (2018).","journal-title":"BMJ"},{"key":"161_CR8","doi-asserted-by":"crossref","unstructured":"Furnivall, D., Bottle, A. & Aylin, P. Retrospective analysis of the national impact of industrial action by English junior doctors in 2016. BMJ Open 8, e019319 (2018).","DOI":"10.1136\/bmjopen-2017-019319"},{"key":"161_CR9","doi-asserted-by":"publisher","unstructured":"Metcalfe, D., Chowdhury, R. & Salim, A. What are the consequences when doctors strike? BMJ https:\/\/doi.org\/10.1136\/bmj.h6231 (2015).","DOI":"10.1136\/bmj.h6231"},{"key":"161_CR10","doi-asserted-by":"publisher","first-page":"510","DOI":"10.7326\/0003-4819-144-7-200604040-00010","volume":"144","author":"C McDonald","year":"2016","unstructured":"McDonald, C. Computerization can create safety hazards: a bar-coding near miss. Ann. Intern. Med. 144, 510 (2016).","journal-title":"Ann. Intern. Med."},{"key":"161_CR11","doi-asserted-by":"publisher","first-page":"377","DOI":"10.1197\/jamia.M1740","volume":"12","author":"J Horsky","year":"2005","unstructured":"Horsky, J., Kuperman, G. & Patel, V. Comprehensive analysis of a medication dosing error related to CPOE. J. Am. Med. Inform. Assoc. 12, 377\u2013382 (2005).","journal-title":"J. Am. Med. Inform. Assoc."},{"key":"161_CR12","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1136\/amiajnl-2011-000369","volume":"19","author":"F Magrabi","year":"2012","unstructured":"Magrabi, F., Ong, M.-S., Runciman, W. & Coiera, E. Using FDA reports to inform a classification for health information technology safety problems. J. Am. Med. Inform. Assoc. 19, 45\u201353 (2012).","journal-title":"J. Am. Med. Inform. Assoc."},{"key":"161_CR13","unstructured":"Department of Health and Social Care. Securing cyber resilience in health and care. https:\/\/assets.publishing.service.gov.uk\/government\/uploads\/system\/uploads\/attachment_data\/file\/747464\/securing-cyber-resilience-in-health-and-care-september-2018-update.pdf (2018)."},{"key":"161_CR14","unstructured":"Ponemon Institute LLC. Cost of a data breach study: global overview. https:\/\/public.dhe.ibm.com\/common\/ssi\/ecm\/55\/en\/55017055usen\/2018-global-codb-report_06271811_55017055USEN.pdf (2018)."},{"key":"161_CR15","doi-asserted-by":"publisher","DOI":"10.2196\/10059","volume":"20","author":"MS Jalali","year":"2018","unstructured":"Jalali, M. S. & Kaiser, J. P. Cybersecurity in hospitals: a systematic, organizational perspective. J. Med. Internet Res. 20, e10059 (2018).","journal-title":"J. Med. Internet Res."},{"key":"161_CR16","doi-asserted-by":"publisher","first-page":"k2381","DOI":"10.1136\/bmj.k2381","volume":"361","author":"G Martin","year":"2018","unstructured":"Martin, G. et al. WannaCry\u2014a year on. BMJ 361, k2381 (2018).","journal-title":"BMJ"},{"key":"161_CR17","unstructured":"NRLS Reporting. https:\/\/report.nrls.nhs.uk\/nrlsreporting\/."},{"key":"161_CR18","unstructured":"Ghafur, S. et al. Improving Cyber Security in the NHS (Imperial College London, London, https:\/\/www.imperial.ac.uk\/media\/imperial-college\/institute-of-global-health-innovation\/Cyber-Security-Ghafur.pdf (2019)."},{"key":"161_CR19","doi-asserted-by":"publisher","first-page":"624","DOI":"10.4338\/ACI-2016-04-SOA-0064","volume":"7","author":"DF Sittig","year":"2016","unstructured":"Sittig, D. F. & Singh, H. A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Appl. Clin. Inf. 7, 624\u2013632 (2016).","journal-title":"Appl. Clin. Inf."},{"key":"161_CR20","unstructured":"NHS Digital. Hospital Episode Statistics (HES). https:\/\/digital.nhs.uk\/data-and-information\/data-tools-and-services\/data-services\/hospital-episode-statistics (2019)."}],"container-title":["npj Digital Medicine"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.nature.com\/articles\/s41746-019-0161-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.nature.com\/articles\/s41746-019-0161-6","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.nature.com\/articles\/s41746-019-0161-6.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,12,17]],"date-time":"2022-12-17T18:33:51Z","timestamp":1671302031000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.nature.com\/articles\/s41746-019-0161-6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,2]]},"references-count":20,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,12]]}},"alternative-id":["161"],"URL":"https:\/\/doi.org\/10.1038\/s41746-019-0161-6","relation":{},"ISSN":["2398-6352"],"issn-type":[{"value":"2398-6352","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,10,2]]},"assertion":[{"value":"16 April 2019","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 August 2019","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"2 October 2019","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"The authors declare no competing interests.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"98"}}