latest health care news

23.01.17

Exclusive: Rate of NHS cyber-attacks quadruples in just four years

While provider spending on cyber security measures has remained broadly stable since 2013-14, the rate of cyber-attacks suffered by trusts – even excluding unsuccessful attempts – has more than quadrupled in the past four years, an NHE investigation has found.

The Freedom of Information (FoI) investigation identified that spending across the 75 trusts and FTs that were able to provide this data showed investment in cyber security has, amongst them, broadly remained around the £18m mark since 2013.

However, cyber-attacks, including growing rates of ransomware threats, grew from 1,565 reported cases in 2013-14 to 7,178 so far this financial year. This data excludes recorded unsuccessful attempts, such as the hundreds of thousands of phishing emails trusts receive regularly.

The FoI request was sent to England’s 253 trusts and FTs. Of the 158 who responded (62.5%), a total of 125 providers agreed to supply their data on cyber-attacks, while 33 either withheld information or didn’t collect it altogether. Those that supplied their data revealed a worrying trend of rising attacks in the NHS, with figures more than quadrupling since 2013-14.

This is, however, also partly influenced by changing methods of data collection and a greater awareness amongst staff. For example, Staffordshire and Stoke-on-Trent NHS Trust said the 40 phishing emails detected so far in 2016-17 were mostly reported by staff due to an “increased effort to raise awareness of email security”.  

Other trusts also revealed that staff have to take part in monthly or yearly cyber security training, and trust communications are often sent out to advise employees on the dangers of attacks and growing rates of ransomware threats.

Nevertheless, the findings closely follow major incidents of cyber-attacks on the NHS which have recently made it to national news, most notably the ransomware attack on Barts Health this month – which forced the trust to take systems offline – and the attack on North Lincolnshire and Goole NHS FT in October.

The latter had to cancel around 2,800 patient appointments after being hit with what it later confirmed to NHE was a variant of ransomware called Globe2. Although the issue was eradicated and systems were up and running within 48 hours, police were called to investigate the issue.

“As the police regional cybercrime unit’s investigation is still in progress, it could be prejudicial to publish any further detail about the case, including the exact details of how the perpetrator gained access,” a North Lincolnshire spokesperson told NHE.

“However, we can confirm that recent publicly reported information alleging that access was gained through a USB stick or due to remote working have no grounding in fact. We can assure our patients and other stakeholders that we acted swiftly to enhance our existing cyber security but in order to maintain security and support the police investigation, we are unable to share specific information on the exact steps we have taken.”

But writing for the latest edition of NHE (January/February), NHS Digital’s head of security, Dan Taylor – who argues cyber-attacks “have and will affect patient care” – said that it’s more important to focus on how we can shut the “digital doors” of the NHS than focus on what specific variant the attack belonged to.

“I know, it’s stretching an analogy to breaking point, but if this was a burglary we’d want to know if the door was locked, whether the door had a known vulnerability or whether we’d closed the windows,” wrote Taylor. “Yes, ransomware is on the increase, but it’s just another threat, another piece of malware. Being cyber prepared means being secure against a variety of attack types.”

In Sheffield Teaching Hospital’s major ‘Information and Technology Strategy 2020’, published in December, the foundation trust made clear that the “significance of cyber security in the modern world cannot be overestimated” – especially in the NHS, a bigger target due to its wealth of valuable data.

“The benefits of moving towards an electronic NHS are significant, however doing this safely in a way that patient data is secure and the provision of care is not interrupted is becoming increasingly complicated,” the strategy said.

“The threats posed by cybercriminals means that we must address any vulnerabilities we may have. In a healthcare setting, the effects resulting from a cyber-attack can be devastating.”

Find Taylor’s top tips for preventing cyber-attacks and developing digital maturity in the Jan/Feb edition of NHE, alongside in-depth coverage of our FoI investigation.

To view the complete results of the FoI investigation, please get in touch with editorial@nationalhealthexecutive.com.

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

featured articles

View all News

last word

Foreign patient charges are a distraction from the real issues

Foreign patient charges are a distraction from the real issues

Vivek Kotecha, research officer at the Centre for Health and the Public Interest (CHPI), explains why the charging of foreign patients distracts from our home-grown NHS issues.  The Depart more > more last word articles >

health service focus

View all News

comment

A single approach for purchasing HCTEDs

11/04/2017A single approach for purchasing HCTEDs

Andy Leary, finance director of specialised commissioning (National) at NHS... more >
Filling the void and standardising security

07/04/2017Filling the void and standardising security

Jayne King, chair of the National Association for Healthcare Security (NAHS... more >

interviews

Tight timetable for nursing associate  regulation

28/03/2017Tight timetable for nursing associate regulation

Jackie Smith, chief executive at the Nursing and Midwifery Council (NMC), t... more >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Labour’s pledge to raise wages for ‘underpaid and overworked’ NHS staff

26/04/2017Labour’s pledge to raise wages for ‘underpaid and overworked’ NHS staff

Shadow health secretary Jonathan Ashworth will today outline a major campaign pledge to axe the NHS pay cap, saying that staff are “underpaid and overworked”. ... more >
read more blog posts from 'the scalpel' >

healthcare events

events calendar

back

April 2017

forward
mon tue wed thu fri sat sun
27 28 29 30 31 1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
1 2 3 4 5 6 7

editor's comment

22/03/2017New additions and unexpected announcements

As NHE went to press, many of us were still recovering from the chancellor’s unexpected health announcements in his last Spring Budget.   While the sector welcomed Philip Hammond’s revelations, centered on capital funding for advanced sustainability and transformation plans (STPs) and A&E triage schemes (page 24), the government failed to address the funding gap still facing the NHS.   Even the £2bn social care windfall, which Treasury has... read more >