Comment

02.05.18

Is the NHS ready for another WannaCry?

Source: NHE March/April 2018

NHE’s Seamus McDonnell on the plans put in place to protect trusts and other NHS organisations from potential future cyber-attacks.

In May 2017, the NHS’s cyber protection plans were thrust into the limelight after a ransomware programme called WannaCry exposed the weaknesses in current systems – but, nearly a year later, there are still no trusts able to pass NHS Digital’s security inspections.

Out of 200 trusts assessed by the organisation in February 2018, not one was up to the standards set by inspectors, prompting fears the system could be unprepared for a similar kind of attack.

The revelation came at a Public Accounts Committee inquiry where NHS Digital’s deputy chief executive, Rob Shaw, told ministers there was still a “considerable amount” of work left to do to reach standards for cyber security.

Shaw explained that the issue was around ‘patching,’ but reassured ministers that the standards set by the country’s national data guardian, Dame Fiona Caldicott, would take time to reach.

“The amount of effort it takes from NHS providers in such a complex estate to reach the ‘Cyber Essentials Plus’ standard that we assess against, as per the recommendation in Caldicott’s report, is quite a high bar,” he added.

“So, some of them have failed purely on patching, which was the vulnerability around WannaCry.”

The WannaCry attack that began on 12 May is thought to have affected 81 trusts across the country, as well as computers at almost 600 GP surgeries. In total there could have been up to 70,000 devices infected, according to the National Audit Office (NAO).

The programme locked users out of their machines and demanded $300 in return for access to the computer’s hard drive, throwing a number of trusts into turmoil and forcing nearly 7,000 appointments to be cancelled across England.

Despite greater preparations, there are still fears that the systems in place may not be able to support the NHS should a major cyber-attack hit trusts again, especially considering the service had already been warned of a potential future incident up to a year before WannaCry occurred.

A report written by the NAO in October last year scolded the Department of Health and Social Care and NHS England for not doing enough to prepare for the threat, arguing that there was no formal mechanism in place to ensure trusts conformed with guidelines and moved away from outdated operating systems like Windows XP.

The criticism, combined with the WannaCry attack itself, has prompted the government to impose much stricter guidelines and assessments on the capability of NHS bodies.

Shaw, who has served as both chief operating officer and interim chief executive since joining NHS Digital in April 2016, said his organisation had inspected 200 trusts since the attack, a significant rise on the approximately 90 trusts assessed before the incident.

“I always take it better to have information, to know where your vulnerabilities are, so that you can do something about it rather than hope that you will be okay when you do get an attack,” he explained. “These vulnerability reports go back to the trusts and their trust boards to be able to work out how they can then do mitigation.

“Some need to do quite a considerable amount of work, but a number of them are already on the journey that will take them towards meeting that requirement.”

The increasing number of assessments must be a positive, and Shaw’s attitude to their improvement seems to show an overall development in the quality of cyber protection – but, with none of these organisations passing their tests, it is not clear whether the system is truly prepared quite yet.

 

Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Minister for Care publishes adult social winter plan

21/09/2020Minister for Care publishes adult social winter plan

The Minister for Care, Helen Whatley, has today (21st Sept) published a letter to local authorities in relation to the adult social care winter p... more >
Improving the quality of end of life care through better planning, support

21/09/2020Improving the quality of end of life care through better planning, support

Judith Richardson, Acting Director for Health and Social Care, NICE Around half a million people die in England each year. With an ageing po... more >
Health services vital in rebuilding local economies after Covid-19

21/09/2020Health services vital in rebuilding local economies after Covid-19

Michael Wood, Head of Health Economic Partnerships, NHS Confederation It’s impossible to switch on the news without hearing about how ... more >

the scalpel's daily blog

Improving the quality of end of life care through better planning, support

21/09/2020Improving the quality of end of life care through better planning, support

Judith Richardson, Acting Director for Health and Social Care, NICE Around half a million people die in England each year. With an ageing population, the annual number of deaths is projected to increase. In addition, the Covid-19 pandemic has led to an increase in the excess death rate. It is important that we identify effective, supportive, and palliative care needs throughout the last phase of life to ensure that people live well unti... more >
read more blog posts from 'the scalpel' >

interviews

Organ Donation Week: Having the conversation

11/09/2020Organ Donation Week: Having the conversation

As part of Organ Donation Week, NHE’s Matt Roberts spoke with our Managing Director Roy Rowlands about the importance of raising aware... more >
Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

24/10/2019Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

Today, speaking at the Royal College of General Practitioners (RCGP) annual conference, Matt Hancock highlighted what he believes to be the three... more >
NHS dreams come true for Teesside domestic

17/09/2019NHS dreams come true for Teesside domestic

Over 20 years ago, a Teesside hospital cleaner put down her mop and took steps towards her midwifery dreams. Lisa Payne has been delivering ... more >
How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

24/10/2018How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

A dedicated national social care service could be a potential solution to surging demand burdening acute health providers over the winter months,... more >

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our Last Word Q&A series. Would you talk us th... more > more last word articles >

editor's comment

26/06/2020Adapting and Innovating

Matt Roberts, National Health Executive Editorial Lead. NHE May/June 2020 Edition We’ve been through so much as a health sector and a society in recent months with coronavirus and nothing can take away from the loss and difficulties that we’ve faced but it vital we also don’t disregard the amazing efforts we’v... read more >

health service focus

‘We are the NHS’: NHS England publish newest People Plan

30/07/2020‘We are the NHS’: NHS England publish newest People Plan

NHS England has published its People Plan for... more >
How NHS Property Services adapted to a new way of working

01/07/2020How NHS Property Services adapted to a new way of working

From May/June 2020 edition Trish Stephen... more >