WannaCry: The Ransomware Attack That Crippled the NHS
How a global cyberattack on May 12, 2017 paralyzed Britain's healthcare system and exposed critical vulnerabilities

On Friday, May 12, 2017, Britain's National Health Service ground to a halt. The WannaCry ransomware—a variant exploiting a Microsoft Windows vulnerability previously discovered by the NSA and leaked by the Shadow Brokers—spread across healthcare networks worldwide. While the global attack would eventually impact more than 300,000 computers in 150 countries, the NHS became one of the most visible victims of the day.
The scale of the healthcare catastrophe was staggering. At least 80 of England's 236 NHS trusts were either directly infected or forced to shut down systems as a precaution. Beyond hospital networks, 603 additional primary care and NHS organizations fell victim, including 595 general practice surgeries. Across all affected facilities, up to 70,000 devices were locked out—computers, MRI scanners, blood-storage refrigerators, and theatre equipment all rendered inaccessible.
For patients and staff, the consequences were immediate and severe. The ransomware locked healthcare workers out of their systems, preventing access to patient records, test results, and critical information needed for discharges and transfers. Thousands of non-urgent surgeries and appointments were cancelled. Ambulance services diverted patients to other facilities, turning away non-critical emergencies. Some trusts, including East and North Hertfordshire NHS, saw their telephone systems collapse entirely.
In a striking reversion to pre-digital medicine, NHS staff returned to pen-and-paper record-keeping. Staff members used personal mobile phones to communicate. Ambulance handover screens went dark, and patient transport booking portals disappeared offline. The attack had exposed how dependent modern healthcare had become on digital systems—and how vulnerable those systems remained.
The financial toll was substantial. The NHS estimated the attack cost £92 million in total damage: £19 million from cancelled operations and appointments, plus £73 million in IT recovery and system repairs. No NHS organization paid the ransom, and critically, no patient data was compromised or stolen.
Investigations revealed the NHS was particularly vulnerable. Many systems ran outdated software: Windows 7 remained prevalent across the service, while the NHS claimed only 4.7% of devices still used the even older Windows XP—a figure that drew skepticism from cybersecurity experts. Microsoft had released patches for the vulnerability in March 2017, two months before the attack, but many NHS trusts had not applied them. The ransomware spread via the N3 network rather than NHSmail, and while the NHS was not specifically targeted, it became collateral damage in a global cyberattack.


