Investigation-WannaCry-cyber-attack-and-the-NHS.pdf (2 MB)

WannaCry disrupted NHS services in England from 12 to 19 May 2017 after a global ransomware outbreak affected more than 200,000 computers in at least 100 countries. NHS England said at least 80 of 236 trusts were infected or disrupted by precautionary shutdowns, and 603 primary care and other NHS organisations were also infected, including 595 GP practices. The investigation found that NHS Digital had issued critical patching alerts in March and April 2017, but national bodies lacked a formal mechanism to confirm whether local NHS organisations had followed the guidance. The report matters for defenders because it shows how unpatched systems, legacy software, and incomplete preparedness checks can turn a broadly spreading ransomware incident into major healthcare disruption.