Trusts are yet to reveal the recovery costs of the recent cyber-attack, but one trust source is estimating a million pound plus bill.

Digital Health News contacted a total of 12 trusts across England – part of the remaining 48 initially affected – who recently got systems and services up and running again.

While most could not disclose direct financial implications as a result of the cyber-attack, a source at one of the trusts has indicated it will exceed £1 million.

An East and North Hertfordshire NHS Trust spokesperson said it is unable to provide a figure for some weeks and according to a Freedom of Information report requested by Digital Health News, Colchester Hospital University NHS Foundation Trust stated it too could not give a price tag until the incident is fully evaluated.

The trust said: “Unfortunately the trust is applying an exemption under Section 22 of the Act (Information intended for future publication) as although the trust holds the information you have requested, it will be published in the near future.”

“This exemption is subject to the public interest test and after due consideration the trust does not feel that disclosing this information before its intended publication date is in the public interest.”

The Essex trust’s Harwich Hospital had to cancel its outpatient appointments and postponed some routine appointments due to the attack. However both clinical and non-clinical IT systems are now fully operating.

Colchester Hospital confirmed it does hold information relating to the overall financial implications of the Wannacrypt ransomware , however it isn’t in a position to release it yet.

“Unfortunately although the trust does hold the information you require, we are applying an exemption to these questions under Section 31(a) Law Enforcement of the FOI Act, as disclosing this would be likely to prejudice the prevention or detection of crime.”

It said any data regarding the security of the trust’s IT systems, whether physical or technical, would fall into this exemption, as this information could be used to attack the trust’s systems.

“This exemption is subject to the public interest test, and due to the personal and sensitive information held on our systems, we do not believe it is in the public interest to release it.”

An NHS England spokesperson said it cannot disclose costs or statistics.

Click here for Digital Health News’ two-week wrap of the cyber-attack