For frontline physicians in the U.K.’s National Health Service (NHS) system that saw firsthand the patient care implications of a large-scale cyberattack, WannaCry provides a new perspective on the real-world impact of outdated and underfunded IT systems.
Although the U.K. and U.S. governments both downplayed the impact of the ransomware attack on patient care, two NHS physicians outlined the “undeniably dramatic” ripple effects that forced doctors to revert to pen-and-paper charting, shut down access to x-rays and prompted some patients to forgo elective surgeries.
“Certainly, for frontline doctors like us who are used to wrestling with clunky NHS IT systems, the biggest surprise of the malware attack was not that it happened but why it had taken so long,” the physicians from Oxford University Hospital and Imperial College Healthcare wrote in the New England Journal of Medicine. “It is an irony lost on no NHS doctor that though we can transplant faces, build bionic limbs, even operate on fetuses still in the womb, a working, functional NHS computer can seem rarer and more precious than gold dust.”
The fact that NHS physicians are accustomed to health IT outages may have helped them weather the storm, but the WannaCry attack raises serious questions about the government's cybersecurity investments. The authors urged the medical community to use the attack as a means to demand more reliable systems.
“Digital security simply hadn’t been an NHS priority until WannaCry’s infection became the biggest cyberattack on critical infrastructure in U.K. history,” the authors wrote.
Although the U.S. was comparatively spared from the global attack, earlier this week the Department of Health and Human Services indicated that two “large multi-state” health systems still face “significant” operational challenges because of WannaCry. HHS Secretary Tom Price is scheduled to testify before a House subcommittee today following the release of the agency’s cybersecurity report last week.