Latest status on affected trusts

Friday marks two weeks since the global cyber-attack, and the extent of the 12 May incident is starting to be calculated.

Staffordshire and Stoke on Trent Partnership NHS Trust had a total of 120 appointments cancelled and delayed between 12 May and 16 May, according to a trust spokeswoman.

The trust could not estimate the financial recovery damage as “the cost has not been established as yet”, she said.

One of the trusts that continued to be hit throughout the weekend was James Paget University Hospitals NHS Foundation Trust, with all patient operations and appointments back to schedule on Tuesday.

In the trust’s May board papers, details were provided about how the trust dealt with the ransomware virus. A full shutdown occurred, and face-to-face meetings were held with staff to keep them up to date with the dynamic situation.

“Some [staff] gave up their weekend and many have worked on limited sleep, particularly our IT team”, the report from the chief executive, Christine Allen, said.

She also thanked the trust staff profusely.

The trust hardest hit by the cyber-attack, Barts Health NHS Trust, confirms it has now got most of its planned operations and clinics running.

Barts, which is the largest trust in England, suffered extreme ramifications from the attack.

In a statement released on the trust’s website on Thursday (25 May) it said: “We are steadily bringing our clinical systems back online, with imaging and pathology services now running as normal.”

The trust apologised to those affected by delays and cancellations and stated it will have staff work over weekends to provide rescheduled appointments.

“Although staff now have access to emails, it may take time for us to answer queries from members of the public due to a large backlog of messages to be processed. We apologise for the delay,” the statement said.

“It is too early at this stage to speculate about the causes of the disruption. Alongside other NHS organisations we will in due course hold an investigation into what happened on 12 May, and apply any lessons we learn. We always work closely with our anti-virus supplier to ensure testing and protection is up-to-date, and the anti-virus software is updated daily.”

On April 20, Barts was faced with another major incident – this time to its network.

A huge IT failure had left staff without access to pathology and diagnostic imaging. It also affected other critical clinical systems leading to disrupted services and cancelled appointments.

The situation was described as “complex”, with “a number of applications have been affected to varying degrees, such as chemotherapy prescribing and digital dictation systems”.

Barts serves about 2.5 million people living in East London.

Trusts re-evaluate protection plans

While some trusts were not directly hit by the ransomware attack, their board papers reveal that the incident has caused them to re-evaluate their cyber-attack prevention plans.

West Suffolk NHS Foundation Trust was not directly affected by the cyber-attack, but in its May board meeting the repercussions were apparent with the approval for a new firewall. The board paper stated it will “help protect the trust against the type of cyber-attack suffered in May”.

A trust spokeswoman said she was unable to confirm the cost of this, due to commercial confidentiality.

One of the biggest teaching trusts in the country, The Leeds Teaching Hospitals NHS Trust, had stated in its May board papers that “in the light of the cyber-attack in mid May, we cannot be over vigilant in this area”.

“It is important that we ask NHS England and NHS Improvement to share learnings from incidents in other trusts quickly.”

Leeds Teaching was already reviewing its cyber security prior to the 12 May attack. Digital Health News reported in April that a fake phishing email sent out to all staff fooled 400 NHS employees into replying with confidential information.

In the May papers, it said the review suggests the trust has “reasonable protection” but is “prone to human frailties in responding to suspicious emails”.

National Cyber Security Centre’s role in the ransomware attack

The attack also saw the National Cyber Security Centre (NCSC) play a role in the response. The centre became operational in October last year.

Ciaran Martin, its chief executive, told a cyber security conference on Thursday that during the incident the NCSC’s website saw 200,000 unique page views for general ransomware advice.

The NCSC’s cyber information sharing partnership (CiSP) portal received more than double the average weekly visits.