NHS Lanarkshire was left ‘vulnerable’ to WannaCry cyber attack disruption

Cyber Security, News

  • 31 October 2017
NHS Lanarkshire was left ‘vulnerable’ to WannaCry cyber attack disruption
cyber attack health boards
Hannah Crouch
October 24, 2017

An NHS trust in Scotland was left ‘vulnerable’ to cyber attack disruption because a  software update had not been installed.

Almost 500 patient appointments and procedures had to be cancelled when NHS Lanarkshire computers were infected by WannaCry in May.

A report into what happened has since been released and revealed how the attack had affected the trust, including affecting more than 1,300 PCs.

The internal report added that a number of computers were left ‘vulnerable’ due to their software.

The report stated: “Microsoft has subsequently made a WannaCry patch available for XP but in general XP remains unsupported.

“One hundred and ninety of these PCs were required to run XP as they were supporting medical devices which could not operate on more up-to-date software.

“Therefore, these PCs were particularly vulnerable.”

The trust was subsequently affected by a malware outbreak in August, as reported by Digital Health News.

Following the release of the report, Calum Campbell, chief executive of NHS Lanarkshire, said the impact of the cyber attack was ‘limited’.

He added: “Following the cyber attack in May we took prompt and robust action to improve the security of our IT systems, which helped limit the impact of the malware incident in August.

“We apologise to any patients affected by the May and August incidents.

“Our staff went above and beyond during these incidents to successfully minimise the inconvenience to patients and quickly restore our IT systems.”

“The integrity of our patient data was maintained in both cases.

“Every organisation throughout the world needs to recognise and prepare for future cyber threats of this kind.

“Our experience, detailed analysis and learning from both incidents along with robust actions to enhance our cyber security mean that NHS Lanarkshire is much better placed to meet and respond to these challenges.”

The WannaCry ransomware, which affected around 150 countries, takes over user files and demands £230 ($300) to restore them.

A National Audit Office (NAO) report into the May attack concluded that simple measures could have been taken to protect the NHS.

Subscribe To Our Newsletters

Find out more

Subscribe to our newsletter

Subscribe To Our Newsletter

Prev News

Another view: of private doctor apps

Next News

University of Manchester launches BeeActive app to improve fitness

2 Comments

  • Tor says:
    31 October 2017 at 4:31 PM

    Well done NHS Lanarkshire. Believe this won’t happen again here.

  • The Insider says:
    31 October 2017 at 2:01 PM

    I’d love to know whether the medical device suppliers should be blamed for forcing the NHS to use Windows XP machines, or whether those devices should also have been deemed unsupported. Or were unsupported and adequate equipment was not purchased.

    God, I hope MRI machines aren’t running on Windows XP….

Comments are closed.

Related News

NHS England investigating compromised GP websites
News April 16, 2026

NHS England investigating compromised GP websites

NHS England are investigating as more NHS provider websites have been compromised and are now linking to adult content.
Sovereignty: A strategic imperative the NHS cannot ignore
Cyber Security April 13, 2026

Sovereignty: A strategic imperative the NHS cannot ignore

Digital sovereignty receives only a fraction of the attention given to AI. That needs to change, argue digital health leaders
NHS Scotland websites linking to adult and illegal sports content
Cyber Security April 10, 2026

NHS Scotland websites linking to adult and illegal sports content

NHS Glasgow's cyber security team is working with a GP practice after its website was linked to adult content and illegal sports streams.