Every single one of the 200 NHS trusts so far assessed for cyber security resilience has failed an onsite assessment, MPs on the Public Accounts Committee were told yesterday.
There is no timeline on when the remaining thirty-six will be checked over.
In a hearing about the WannaCry incident last June, entitled "Cyber-attack on the NHS", Rob Shaw, deputy chief exec of NHS Digital, denied it was the case that those bodies who didn't get a passing grade had not done anything over cyber security.
Some of them have failed purely on patching, which is what the vulnerability was around Wannacry."
He added: "Some of them need to do a considerable amount of work, but a number of them are on a journey [to] meeting that requirement."
Will Smart, chief information officer at NHS Improvement, said that since the incident £21m has been invested in improved cybersecurity, while another £150m has been identified to improve national systems and resilience over the next two years.