Comment

02.05.18

Is the NHS ready for another WannaCry?

Source: NHE March/April 2018

NHE’s Seamus McDonnell on the plans put in place to protect trusts and other NHS organisations from potential future cyber-attacks.

In May 2017, the NHS’s cyber protection plans were thrust into the limelight after a ransomware programme called WannaCry exposed the weaknesses in current systems – but, nearly a year later, there are still no trusts able to pass NHS Digital’s security inspections.

Out of 200 trusts assessed by the organisation in February 2018, not one was up to the standards set by inspectors, prompting fears the system could be unprepared for a similar kind of attack.

The revelation came at a Public Accounts Committee inquiry where NHS Digital’s deputy chief executive, Rob Shaw, told ministers there was still a “considerable amount” of work left to do to reach standards for cyber security.

Shaw explained that the issue was around ‘patching,’ but reassured ministers that the standards set by the country’s national data guardian, Dame Fiona Caldicott, would take time to reach.

“The amount of effort it takes from NHS providers in such a complex estate to reach the ‘Cyber Essentials Plus’ standard that we assess against, as per the recommendation in Caldicott’s report, is quite a high bar,” he added.

“So, some of them have failed purely on patching, which was the vulnerability around WannaCry.”

The WannaCry attack that began on 12 May is thought to have affected 81 trusts across the country, as well as computers at almost 600 GP surgeries. In total there could have been up to 70,000 devices infected, according to the National Audit Office (NAO).

The programme locked users out of their machines and demanded $300 in return for access to the computer’s hard drive, throwing a number of trusts into turmoil and forcing nearly 7,000 appointments to be cancelled across England.

Despite greater preparations, there are still fears that the systems in place may not be able to support the NHS should a major cyber-attack hit trusts again, especially considering the service had already been warned of a potential future incident up to a year before WannaCry occurred.

A report written by the NAO in October last year scolded the Department of Health and Social Care and NHS England for not doing enough to prepare for the threat, arguing that there was no formal mechanism in place to ensure trusts conformed with guidelines and moved away from outdated operating systems like Windows XP.

The criticism, combined with the WannaCry attack itself, has prompted the government to impose much stricter guidelines and assessments on the capability of NHS bodies.

Shaw, who has served as both chief operating officer and interim chief executive since joining NHS Digital in April 2016, said his organisation had inspected 200 trusts since the attack, a significant rise on the approximately 90 trusts assessed before the incident.

“I always take it better to have information, to know where your vulnerabilities are, so that you can do something about it rather than hope that you will be okay when you do get an attack,” he explained. “These vulnerability reports go back to the trusts and their trust boards to be able to work out how they can then do mitigation.

“Some need to do quite a considerable amount of work, but a number of them are already on the journey that will take them towards meeting that requirement.”

The increasing number of assessments must be a positive, and Shaw’s attitude to their improvement seems to show an overall development in the quality of cyber protection – but, with none of these organisations passing their tests, it is not clear whether the system is truly prepared quite yet.

 

Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Councillors fear identity crisis following CCG merger

22/06/2018Councillors fear identity crisis following CCG merger

Members of one of Kent’s leading councils have voiced their concerns against an upcoming merger between CCGs in the area. Cllr Wendy P... more >
Top NHS England boss to leave the organisation

22/06/2018Top NHS England boss to leave the organisation

NHS England’s chief financial officer will leave the post after 11 years. Paul Baumann CBE, who joined NHS London in 2007, and took up... more >
Most urgent primary care services ‘good’ or ‘outstanding’

22/06/2018Most urgent primary care services ‘good’ or ‘outstanding’

Over eight in 10 primary care services are providing good care, despite mounting work force and commissioning pressures, the CQC has said. A... more >
681 149x260 NHE Subscribe button

the scalpel's daily blog

The impact of NICE on cardiovascular disease prevention

06/06/2018The impact of NICE on cardiovascular disease prevention

Professor Gillian Leng, deputy chief executive and director Health and Social Care at NICE, looks into what can be done to decrease cardiovascular disease nationally and how to prevent missed opportunities in the future. Cardiovascular disease (CVD) accounts for just over a quarter of deaths and affects around 7 million people in the UK. Risk factors for CVD include smoking, obesity, mental illness, physical inactivity, and long-term fa... more >
read more blog posts from 'the scalpel' >

interviews

Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >
Cutting through the fake news

22/11/2017Cutting through the fake news

In an era of so-called ‘fake news’ growing alongside a renewed focus on reducing stigma around mental health, Paul Farmer, chief exec... more >
Tackling infection prevention locally

04/10/2017Tackling infection prevention locally

Dr Emma Burnett, a lecturer and researcher in infection prevention at the University of Dundee’s School of Nursing and Midwifery and a boar... more >
Scan4Safety: benefits across the whole supply chain

02/10/2017Scan4Safety: benefits across the whole supply chain

NHE interviews Gillian Fox, head of eProcurement (Scan4Safety) programme at NHS Supply Chain. How has the Scan4Safety initiative evolved sin... more >

last word

Hard to be optimistic

Hard to be optimistic

Rachel Power, chief executive of the Patients Association, warns that we must be realistic about the very real effects of continued underfunding across the health service. It’s now bey... more > more last word articles >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital e... read more >

health service focus

Isosec launches first Virtual Smartcard to revolutionise NHS authentication

12/02/2018Isosec launches first Virtual Smartcard to revolutionise NHS authentication

ADVERTISEMENT FEATURE A new virtual smartc... more >
Health creation is here to stay

09/02/2018Health creation is here to stay

NHE’s Sacha Rowlands speaks to Michael ... more >