The infamous WannaCry ransomware campaign of 2017 caused losses in the region of £92m for the NHS, the government has revealed.

In a progress update titled Securing cyber resilience in health and care, the Department of Health and Social Care caveated the figures by saying they are only broad estimates.

Broken down further, around £19m was lost directly as a result of access to info and systems being unavailable, leading to cancelled appointments and similar.

Over 19,000 appointments and operations are said to have been cancelled as a result of WannaCry.

“It is anticipated that 1% of care was disrupted over a one week period, based upon an estimate of the average level of care provided by the NHS in a one week period,” the report explained. “It is estimated that there was approximately £19m of lost output. However demand for NHS services fluctuates, therefore this should only be considered an approximate estimate.”

A much larger £72m was lost in the aftermath with additional IT support drafted in to help restore data and systems.

“Assuming each of the 80 severely affected trusts would have required the equivalent of five days FTE additional resource of an IT specialist, the cost of IT support at the time of the attack would have been £0.5m,” the report explained.

“After the attack we have estimated an average level of resource required by organizations based upon their size and the severity of disruption. There were a few anecdotal reports of costs by individual organizations, but not enough data to make a robust estimate. Therefore the figures quoted below should be considered an approximate estimate.”

WannaCry is said to have disrupted services across one-third of hospital trusts and around 8% of GP practices.

Mollie MacDougall, threat intelligence manager at Cofense, argued that ransomware could have life-threatening consequences for patients.

“If there is one lesson healthcare organizations can learn from these trends, it is to have appropriate anti-phishing programs in place that build on existing security capabilities, to include augmenting incident response efforts with real-time human-intelligence,” she added.

“Phishing keeps proving itself to be a successful vehicle for delivering damaging malware like ransomware, and as threat actors continue to find ways to bypass automated defenses, so too must network users be educated and armed to be a successful last line of defense against them.”