WannaCry: The Ransomware Attack That Crippled the NHS
How a global cyberattack on May 12, 2017 paralyzed Britain's healthcare system and exposed critical vulnerabilities
Quick Facts
On Friday, May 12, 2017, Britain's National Health Service ground to a halt. The WannaCry ransomware—a variant exploiting a Microsoft Windows vulnerability previously discovered by the NSA and leaked by the Shadow Brokers—spread across healthcare networks worldwide. While the global attack would eventually impact more than 300,000 computers in 150 countries, the NHS became one of the most visible victims of the day.
The scale of the healthcare catastrophe was staggering. At least 80 of England's 236 NHS trusts were either directly infected or forced to shut down systems as a precaution. Beyond hospital networks, 603 additional primary care and NHS organizations fell victim, including 595 general practice surgeries. Across all affected facilities, up to 70,000 devices were locked out—computers, MRI scanners, blood-storage refrigerators, and theatre equipment all rendered inaccessible.
For patients and staff, the consequences were immediate and severe. The ransomware locked healthcare workers out of their systems, preventing access to patient records, test results, and critical information needed for discharges and transfers. Thousands of non-urgent surgeries and appointments were cancelled. Ambulance services diverted patients to other facilities, turning away non-critical emergencies. Some trusts, including East and North Hertfordshire NHS, saw their telephone systems collapse entirely.
In a striking reversion to pre-digital medicine, NHS staff returned to pen-and-paper record-keeping. Staff members used personal mobile phones to communicate. Ambulance handover screens went dark, and patient transport booking portals disappeared offline. The attack had exposed how dependent modern healthcare had become on digital systems—and how vulnerable those systems remained.
