Barts Health ‘badly affected by WannaCry right across the estate’

Barts Health struggles with ‘very challenging’ IT infrastructure acquired after the 2012 merger of three trusts.

[London, UK] The ‘old and variable’ network architecture at Barts Health NHS Trust has been named as one of the main reasons why the healthcare provider was one of the worst affected in the wake of the WannaCry cyber attack.

CCIO Charles Gutteridge spoke at an event in Birmingham, earlier this week, about the trust’s response to the May 2017 incident, when the malware infected 1,700 PCs out of 8,000 in only seven minutes.

Speaking to digital leaders in the room, Gutteridge said these type of incidents can lead to loss of ‘trust confidence in health IT’, which may take a while to recover.

“My message is just do everything you can not to let this stuff happen,” the CCIO added.

Formed after the merger of three separate trusts back in 2012, Barts Health acquired a ‘very challenging’ IT infrastructure as these providers used different IT systems.

“On May 12 at 11:58 in Newham [University Hospital], somebody found that they couldn't take X-rays anymore and we very, very quickly saw that that was due to a virus infection on a piece of equipment in the radiology department,” the CCIO said.

“I think it’s fair to say we were badly affected by WannaCry right across the estate.

“So it doesn't matter whether you were in Barts, in the middle of the city, or right at the far edges of the estate, beyond Whipps Cross and almost in the countryside, we had PCs that picked up the virus and the reason for that was the old and variable architecture that we acquired at the time of the merger,” he added.

Gutteridge said the trust’s antivirus software was up to date, but the supplier had not encountered anything like WannaCry beforehand and measures were only taken after Microsoft released security updates for its older versions of Windows to stop the virus from spreading.

In July, the Department of Health announced that more than £50m will be invested across the NHS to improve cyber defence capabilities, with a £21m fund created specifically for trauma centres.

During the WannaCry attack, Barts Health had to shut down its major trauma centre, which caused ‘massive strain’ on the service.

Gutteridge said Barts Health has not yet received any additional funding to improve their cyber resilience, although the WannaCry incident had a knock-on effect on the trust’s finances, leading to a ‘sizeable deficit’.

Related content:

NHS and Department of Health warned to ‘get their act together’ after National Audit Office WannaCry investigation

Related News

CQC finds again ‘zip bags’ of patient records in public areas at NHS trust

CQC rates Royal Cornwall Hospitals NHS trust services as ‘inadequate’

RCGP releases new guidance on online consultation services

RCGP issues new guidance on online consultation services to ensure patients are receiving high-quality, safe care

Working group to lead implementation of recommendations from CCIO review on data collection

Department of Health releases new review into Public Health England’s data collection functions