A list of all cyber-attacks (both failed and successful) on NHS hospitals falling under your remit, in each year since 2015 (including broader cyber-attacks which include these hospitals). Where possible, please could you split the data as follows:
• Ideally, I am requesting only those cyber-attacks identified as or suspected of a) coming from a source within Russia or China; or b) emanating from any individual(s) or group(s) known to have, or suspected of having, links to the Russian or Chinese state. In each instance, please could you make clear which country the attack relates to.
• If this is not possible, please could you make clear whether an attack is thought to have come from inside/outside the UK.
In each instance, I am also requesting the following information:
• The severity of the attack, where it has been noted (e.g. low, medium, high).
• The outcome of successful attacks. For example: were documents stolen (and how many)? Was confidential data stolen (and how much)? Were any operations or other NHS processes cancelled or delayed as a result (and how many)?
• The cost to the NHS, where that cost is easily deductible/accessible. This could include but is not limited to a) delayed or cancelled operations, lost data, etc.; b) the security/staffing cost of defending against an attack; c) any consequent legal costs e.g. lawsuits filed successfully against the NHS as a result of personal data theft. If this part of the request is unduly onerous, please disregard.
