NHS WannaCry Ransomware Attack: Technical Explanation of The Vulnerability, Exploitation, and Countermeasures

Mohammad Aljaidi, Ayoub Alsarhan, Ghassan Samara, Raed Alazaidah, Sattam Almatarneh, Muhammad Khalid, Yousef Ali Al-Gumaei

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    5 Citations (Scopus)


    To ascertain the consequences of the 2017 WannaCry ransomware attack on the National Health Service (NHS), a systematic investigation of Hospital Episodes Statistics (HES) data was conducted to identify the missed appointments, fatalities, and financial expenses linked to the WannaCry ransomware attack. Outpatient appointment cancellations, hospital emergency and elective admissions, visits to accident and emergency (A&E), and deaths in A&E were the key output tracked. During the week of the ransomware incident, there was no appreciable difference in overall activity between all trusts compared to the baseline. Trusts had 1% fewer accident and emergency visits a day than at baseline, and 1% more admission to the emergency departments. Although there were much fewer elective and emergency admissions in hospitals that had been directly infected by the ransomware, there was nevertheless a daily drop in admissions of roughly 6%, with 4% fewer emergency departments visits, and 9% fewer elective admissions. There was no discernible mortality difference. The reduced activity at the affected trusts over this time had a total economic impact of £5.9 million, which included £0.6 million in lost accident and emergency activity, £1.3 million in lost outpatient consultations, and £4 million in missed inpatient admissions. There was a considerable drop in attendance and admissions among hospitals targeted and affected by the WannaCry ransomware attack, resulting to a loss of hospital activity of £5.9 million. Even though this is a rudimentary indicator of patient damage, there was no documented increase in mortality. To fully understand how a cyberattack or IT problems may affect patient safety and care delivery, more research is required.
    Original languageEnglish
    Title of host publication2022 International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI)
    ISBN (Electronic)9798350332742
    Publication statusPublished - 2 Mar 2023


    • EternalBlue
    • Ransomware
    • WannaCry
    • countermeasures
    • doublePulsar
    • vulnerability

    ASJC Scopus subject areas

    • Artificial Intelligence
    • Computer Science Applications
    • Computer Vision and Pattern Recognition
    • Energy Engineering and Power Technology
    • Renewable Energy, Sustainability and the Environment
    • Electrical and Electronic Engineering


    Dive into the research topics of 'NHS WannaCry Ransomware Attack: Technical Explanation of The Vulnerability, Exploitation, and Countermeasures'. Together they form a unique fingerprint.

    Cite this