Trusts could be facing £1 million recovery bill from cyber-attack

  • 30 May 2017
Trusts could be facing £1 million recovery bill from cyber-attack

Trusts are yet to reveal the recovery costs of the recent cyber-attack, but one trust source is estimating a million pound plus bill.

Digital Health News contacted a total of 12 trusts across England – part of the remaining 48 initially affected – who recently got systems and services up and running again.

While most could not disclose direct financial implications as a result of the cyber-attack, a source at one of the trusts has indicated it will exceed £1 million.

An East and North Hertfordshire NHS Trust spokesperson said it is unable to provide a figure for some weeks and according to a Freedom of Information report requested by Digital Health News, Colchester Hospital University NHS Foundation Trust stated it too could not give a price tag until the incident is fully evaluated.

The trust said: “Unfortunately the trust is applying an exemption under Section 22 of the Act (Information intended for future publication) as although the trust holds the information you have requested, it will be published in the near future.”

“This exemption is subject to the public interest test and after due consideration the trust does not feel that disclosing this information before its intended publication date is in the public interest.”

The Essex trust’s Harwich Hospital had to cancel its outpatient appointments and postponed some routine appointments due to the attack. However both clinical and non-clinical IT systems are now fully operating.

Colchester Hospital confirmed it does hold information relating to the overall financial implications of the Wannacrypt ransomware , however it isn’t in a position to release it yet.

“Unfortunately although the trust does hold the information you require, we are applying an exemption to these questions under Section 31(a) Law Enforcement of the FOI Act, as disclosing this would be likely to prejudice the prevention or detection of crime.”

It said any data regarding the security of the trust’s IT systems, whether physical or technical, would fall into this exemption, as this information could be used to attack the trust’s systems.

“This exemption is subject to the public interest test, and due to the personal and sensitive information held on our systems, we do not believe it is in the public interest to release it.”

An NHS England spokesperson said it cannot disclose costs or statistics.

Click here for Digital Health News’ two-week wrap of the cyber-attack

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.
How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.

1 Comments

  • You should distinguish where problems a result of “attack” or result of management actions

Comments are closed.