Intended for healthcare professionals


Effective cybersecurity is fundamental to patient safety

BMJ 2017; 357 doi: (Published 17 May 2017) Cite this as: BMJ 2017;357:j2375
  1. Guy Martin, clinical research fellow1,
  2. James Kinross, senior clinical lecturer11,
  3. Chris Hankin, director2
  1. 1Department of Surgery and Cancer, Imperial College London, London, UK
  2. 2Institute for Security Science and Technology, Imperial College London,
  1. Correspondence to: C Hankin c.hankin{at}

The NHS must reduce its vulnerability and build resilience against future cyber attacks

The global WannaCry ransomware attack has had a disproportionate effect on the UK healthcare sector, highlighting the poor state of cybersecurity in the NHS and the failure to recognise it as a fundamental matter for patient safety.

WannaCry is trojan malware designed to extort money by holding files to ransom. It exploits a known vulnerability in the Windows operating system that was initially identified and patched by Microsoft in March 2017, with a further patch released after the event.12 The attack is widely reported to have used system exploits released by the hacker group the Shadow Brokers but originating from the US National Security Agency. Once a computer is infected the malware creates encrypted copies of files before deleting the originals; the only way to retrieve affected data is to pay the bitcoin ransom. Computer systems across more than 150 countries have been infected, and only the fortuitous intervention …

View Full Text

Log in

Log in through your institution


* For online subscription