Downloading PDF

Effectively dealing with a cyber security ​incident – WannaCry

Effectively dealing with a cyber security ​incident – WannaCry

Home » Case studies » Effectively dealing with a cyber security ​incident – WannaCry

We led an exemplary response to a WannaCry cyber incident ensuring minimal impact on primary care services and rapid resolution

Background

In May 2017 our IT team received alerts from our software of an irregularity within some of the managed networks: 300 machines in two CCGs in Lancashire and Cheshire were subject to a WannaCry attack. ​

Action

We immediately activated our Business Continuity Plan and rapid response procedures, prompting the quick collection of intelligence and establishment of an emergency task force. Managers of the acute trust were contacted, and, with their agreement, isolated from the wider network to contain the damage. Whilst some deep processes were affected, the hospital continued to operate, isolated from further risk, and patient care continued using an interim (paper-based) system.​

We opened emergency internal communication channels over the weekend and the team worked around the clock, developing an action list of software to replace and systems to fix. We used our solid supplier relationships to rapidly source the equipment and skills needed. ​

To minimise the impact on primary care, a community team was set up to repair and replace systems. Our response was rapid, intense, robust and continually reviewed as the situation evolved. ​

Impact

Our good work ensured that no surgery was affected by closure or disruption to work. We linked to NHS England Gold Command and collaborated with other affected organisations. Knowledge, best practice and solutions were shared – a critical success factor. Our exemplary response earned us a seat on the National Cyber Security Group, regarded as the voice of expertise for managing scalable cyber security incidents.​

During the WannaCry cyber attack, NHS Midlands and Lancashire experienced a range of impacts. Using a root cause analysis approach to examine a wealth of information in our service desk knowledge base tool, we examined variations and identified two key areas for learning and investment. ​

Firstly, we have invested in enhanced software resilience to achieve a more robust infrastructural barrier to future cyber attacks. Secondly, we are tackling the risk of human behaviours. In January 2018, we became the first NHS organisation to secure GCHQ accreditation for our bespoke end-user cyber security awareness course, CyberStrong, which now forms part of our organisation’s mandatory training programme.​

Further information

If you would like more information about our services, you can contact us on our help and contact page.

View all

News and views

News

Investigation and intervention proposal for ICBs

In addition to the work NHS England’s (NHSE’s) Intensive Support Teams are undertaking at both regional and national…

Blog News

A walk through of the Court of Protection Deprivation of Liberty process

Fergus Campbell, Clinical Lead, NHS ML In the final post of our blog mini-series on Court of Protection…

News

Join the tenth anniversary edition of The School for Change Agents!

Would you like to develop skills to make a difference and create change in health and care?   The…

View all

How we can help health systems

Clinical redesign and provider collaboration

Redesigning how health and care works across England - placing people at the centre of their own health and care and utilising…

Learn more about Clinical redesign and provider collaboration
Clinical redesign and provider collaboration

Communications and engagement

Supporting ICSs with approaches to design and deliver effective communication, engagement and behavioural insights as a key enabler for system change and…

Learn more about Communications and engagement
Communications and engagement

Developing health systems

Acting as an independent and trusted partner within the system to facilitate working across stakeholders and integrate elements of the provider system…

Learn more about Developing health systems
Developing health systems

Digitally enabled transformation and IT

Digitising care and partnering with systems for the transformation of digitally enabled service delivery (and other supporting processes) across vision, planning and…

Learn more about Digitally enabled transformation and IT
Digitally enabled transformation and IT

Improving productivity and efficiency

We have a range of impactful solutions both across operational services and transformational programmes to support NHS systems to tackle some of…

Learn more about Improving productivity and efficiency
Improving productivity and efficiency

People solutions

Supporting systems to build a sustainable and integrated workforce, transforming systems, organisations and the workforce experience to improve resilience.

Learn more about People solutions
People solutions

Personalised healthcare commissioning services

Providing end-to-end funded care services, including patients as active partners in identifying their healthcare needs and then commissioning care to meet these.…

Learn more about Personalised healthcare commissioning services
Personalised healthcare commissioning services

PHM analytics and decision support

Applying intelligence-led understanding of the health of the population to support the redesign of care and improve patient and financial outcomes across…

Learn more about PHM analytics and decision support
PHM analytics and decision support

Place and primary care transformation

Supporting providers to work together at a place and neighbourhood level to manage common resources, integrate community teams, improve health and reduce…

Learn more about Place and primary care transformation
Place and primary care transformation
MLCSU