On Friday 12 May, a large-scale cyber-attack hit around 150 countries infecting ransomware onto hundreds of thousands of computers and IT systems. While the attack has affected many different organisations globally, among the worst hit was the NHS. Large-scale disruption was felt across England and Scotland which affected hospital and GP appointments. Around 45 NHS organisations in England and Scotland were disrupted; however, most were back to normal by Saturday afternoon.

The NHS Digital statement on the attack says their Data Security Centre is continuing to work with the National Cyber Security Centre to support NHS organisations. There is no evidence that any patient data has been compromised.   

This attack is a wake-up call for the importance of ensuring NHS IT systems are robust. The National Data Guardian review of data security, consent and opt-outs highlighted that while data security frameworks, assurance schemes and standards already exist; they have often been seen as a tick-box exercise or too expensive and time-consuming to be applied broadly in the health and social care sector. It is essential that data security standards are adequately resourced so that everyone can have confidence in the system.

There are huge benefits for appropriate, and safe, use of technology and data in the NHS. A digital NHS is one that can deliver integrated healthcare as well as increased productivity.