
Rate of Ransomware Attacks on NHS Has Dropped Drastically

Dominique Adams



Increased investment in the NHS’s cybersecurity has resulted in a huge drop in the number of ransomware attacks on the healthcare system, a Freedom of Information request has revealed. 

There has been a dramatic drop in the number of ransomware attacks on the NHS since the devastating 2017 WannaCry cyber attack.

Researchers from security services comparison website, Comparitech, who made the Freedom of Information (FoI) request, suggest there is a correlation between the increased spend on NHS cybersecurity following WannaCry and the decline in attacks.

The purpose of the FoI, made to all NHS trusts in the UK, was to find out how many attacks they had experienced since 2014, how much downtime the attacks had caused and whether or not they had paid the ransom.

Paul Bischoff, a privacy advocate and VPN expert at Comparitech, said in his disclosure that, since 2014, 65 trusts (34%) have been successfully attacked with ransomware, with 209 incidents reported in the documents, causing an estimated 206 days of total downtime.

None of the trusts paid the demanded ransoms. 20% of trusts did not provide any information, which would suggest the true number of attacks and resulting damage could be higher. It is estimated that 23 other trusts were likely to have been impacted by an attack, according to the researchers.

The disclosure revealed that 2017 was the worst year for ransomware attacks on the NHS, with 48.3% taking place that year. 21% took place in 2016, 20.6% in 2015, and just over 3% in 2014, 2018 and 2019 combined.

However, the report notes that a number of trusts are still processing 2019 data, which means the final figure could rise, and 14 of the attacks were not dated.

Bischoff wrote: “The lower number of attacks in 2018/19 does, hopefully, demonstrate that more robust procedures and systems are in place following the large-scale WannaCry attack in 2017.

“The downward trend coincides with increased spending from the NHS to secure local infrastructure, reduce vulnerabilities, increase cyber resilience.

“Recommendations were also made for staff to complete cyber awareness training. And organisations were told to consider removing staff members’ access to IT systems if they hadn’t completed this mandatory training.”


Many of the trusts hit by ransomware said they did not record the resulting downtime because it affected various different departments, or staff costs were included as part of wider IT services metrics.

Some trusts reported experiencing no downtime, while some said they shut down their systems as a precaution. The average downtime was roughly 25 hours, a potentially dangerous amount of time for a healthcare provider to be offline.

Bischoff said that the decrease in the number of attacks appears to show that increased investment in the NHS’s cybersecurity, combined with the launch of NHSX since WannaCry, has had a positive impact to some extent.

“But it is crucial that more money is spent on security and better safeguards are put in place as technology advances at a rapid pace,” he added.

At present, there are no agreed minimum standards for security, and procurement policies do not adequately detail how devices should be monitored and regulated. Bischoff said this meant there was little incentive to ensure “top-notch” cybersecurity for their devices, which can be costly.

Dominique Adams

Staff Writer, DIGIT
