We led an exemplary response to a WannaCry cyber incident, ensuring minimal impact on primary care services and rapid resolution
Background
In May 2017 our IT team received alerts from our software of an irregularity within some of the managed networks: 300 machines in two CCGs in Lancashire and Cheshire were subject to a WannaCry attack.
Action
We immediately activated our Business Continuity Plan and rapid response procedures, prompting the quick collection of intelligence and establishment of an emergency task force. Managers of the acute trust were contacted and, with their agreement, the trust was isolated from the wider network to contain the damage. Whilst some deep processes were affected, the hospital continued to operate, isolated from further risk, and patient care continued using an interim (paper-based) system.
We opened emergency internal communication channels over the weekend and the team worked around the clock, developing an action list of software to replace and systems to fix. We used our solid supplier relationships to rapidly source the equipment and skills needed.
To minimise the impact on primary care, a community team was set up to repair and replace systems. Our response was rapid, intense, robust and continually reviewed as the situation evolved.
Impact
Our good work ensured that no surgery was affected by closure or disruption to work. We linked to NHS England Gold Command and collaborated with other affected organisations. Knowledge, best practice and solutions were shared – a critical success factor. Our exemplary response earned us a seat on the National Cyber Security Group, regarded as the voice of expertise for managing scalable cyber security incidents.
During the WannaCry cyber attack, NHS Midlands and Lancashire experienced a range of impacts. Using a root cause analysis approach to examine a wealth of information in our service desk knowledge base tool, we examined variations and identified two key areas for learning and investment.
Firstly, we have invested in enhanced software resilience to achieve a more robust infrastructural barrier to future cyber attacks. Secondly, we are tackling the risk of human behaviours. In January 2018, we became the first NHS organisation to secure GCHQ accreditation for our bespoke end-user cyber security awareness course, CyberStrong, which now forms part of our organisation’s mandatory training programme.