Skip to main content
Creating a new NHS England: NHS England and NHS Digital merged on 1 February 2023. More about the merger.

UPDATED Statement on reported NHS cyber-attack - 13 May

We are continuing to work around the clock to support NHS organisations that have reported any issue due to yesterday's cyber-attack.

We have received no reports of patient data being compromised.

We are not publishing a list of those we are assisting at this stage; given the situation is changing and impacting organisations in a range of different ways. For instance we are aware some bodies, which range from practices to trusts, may have suspended selected systems purely as a precautionary measure.

We are aware of widespread speculation about the use of Microsoft Windows XP by NHS organisations, who commission IT systems locally depending on population need.

While the vast majority are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7 per cent, with this figure continuing to decrease.

This may be because some expensive hardware (such as MRI scanners) cannot be updated immediately, and in such instances organisations will take steps to mitigate any risk, such as by isolating the device from the main network.

Our focus remains on assisting organisations, working closely with the National Cyber Security Centre, the Department of Health, NHS England and NHS Improvement.



NHS Digital delivers a range of data security services that support NHS organisations to take appropriate cyber security measures and help them to respond effectively and safely to cyber security threats. These include:


  •  broadcasting information to NHS organisations about known cyber security threats and appropriate steps to take to minimise these risks, as was the case with this incident.
  •  protective real time monitoring of national NHS IT services and systems, which have all been designed to have strong security measures.
  •  undertaking free cyber security testing for NHS organisations and give them bespoke advice about appropriate steps they can take.
  •  training for health and care staff designed to ensure frontline workers are aware of their own responsibility towards ensuring cyber security in their organisations, and that they know the simple steps that they can take to help to keep their organisation secure.





For reference: statement made on 12 May 2017


Statement on reported NHS cyber attack


A number of NHS organisations have reported to NHS Digital that they have been affected by a ransomware attack.

The investigation is at an early stage but we believe the malware variant is Wanna Decryptor.

This attack was not specifically targeted at the NHS and is affecting organisations from across a range of sectors.

At this stage we do not have any evidence that patient data has been accessed.

NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected.

Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.


Notes to editors

As at 15.30, 16 NHS organisations had reported that they were affected by this issue

Last edited: 11 April 2018 6:39 pm