NHS IT, Records and Data

18.04.18

Cyber security plans impossible as NHS still in dark about WannaCry

The WannaCry cyber-attack on 12 May 2017 was a wake-up call for the NHS and the Department of Health and Social Care (DHSC) must now act on priorities by June this year, the Public Accounts Committee (PAC) has argued.

The attack caused widespread disruption to health services, with more than a third of trusts affected by the ransomware. The NHS had to cancel almost 20,000 hospital appointments and operations as patients were diverted from the five A&E departments that were unable to treat them.

If the attack had not happened on a Friday afternoon in the summer and the kill switch to stop the virus spreading had not been found relatively quickly, then the disruption could have been much worse, MPs claimed.

PAC said the DHSC and its arm’s-length bodies were unprepared for the relatively unsophisticated WannaCry threat and that they had not shared and tested plans for responding to a cyber-attack, nor had any trust passed a cyber security inspection.

To make matters worse, the department still does not know what financial impact the WannaCry cyber-attack had on the NHS, which is hindering its ability to target its investment in cyber security.

The committee said that, even though lessons have been learnt from the attack, the department and NHS bodies have a lot of work to do to improve cyber-security for when, and not if, there is another attack.

MPs urged the DHSC to provide the committee with an update by the end of June at the latest.

PAC chair Meg Hillier said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS.

“Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS. Cyber security investment cannot be properly targeted unless this information is collected and understood.”

Meanwhile, Hillier added, this case should serve as a warning to the whole of government: a “foretaste of the devastation that could be wrought by a more malicious and sophisticated attack.”  When this comes, the UK must be ready, she argued.

Responding to the report, the director of development and operations at NHS Providers, Ben Clacy, said: “The PAC rightly acknowledges that lessons have been learned by the NHS bodies and the DHSC, including how they communicate with trusts and the public. Trusts have also taken further steps to ensure they are applying software patches and keeping anti-virus software up to date.

“However, with no indication that there will be the capital available to carry out the required upgrades and changes, progress is being hampered. Cyber security must be a priority so it is vital that the capital investment needed is protected from plugging gaps in day to day spending.” 

Clacy concluded: “It is also worth remembering that this attack was not specific to the NHS. It affected thousands of computers in hundreds of countries.”

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Two NHS trusts spent a third of the year on highest ‘Opel 4’ pressure alert

12/12/2018Two NHS trusts spent a third of the year on highest ‘Opel 4’ pressure alert

Two NHS trusts spent more than a third of the year under extreme pressure and on the highest level of alert. An investigation by the BBC fou... more >
Financially struggling NHS trust appoints fifth chief executive in just five years

12/12/2018Financially struggling NHS trust appoints fifth chief executive in just five years

The financially troubled West Hertfordshire Hospitals NHS Trust has appointed Christen Allen as its newest chief executive – marking its fi... more >
Quarter of trusts spent no money on cyber security last year as NHS’s ‘alarming’ cyber training inconsistencies revealed

12/12/2018Quarter of trusts spent no money on cyber security last year as NHS’s ‘alarming’ cyber training inconsistencies revealed

One in four NHS trusts in England and Wales are spending no money on specialist cyber security or training and trusts are consistently failing to... more >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital exemplars who were revealed at the same show 12 months earlier.  Jeremy Hunt also stated th... read more >

last word

Hard to be optimistic

Hard to be optimistic

Rachel Power, chief executive of the Patients Association, warns that we must be realistic about the very real effects of continued underfunding across the health service. It’s now bey... more > more last word articles >

the scalpel's daily blog

The robots are here at East Suffolk and North Essex

12/12/2018The robots are here at East Suffolk and North Essex

Lauren Hockney, senior communications officer at East Suffolk and North Essex NHS FT (ESNEFT), outlines how her trust is embracing the digital and automation revolution. Robots have arrived at the ESNEFT, and they are giving back hundreds of hours to staff so they can spend more time helping patients. The trust, which includes Colche... more >
read more blog posts from 'the scalpel' >

comment

Creating a volunteer 'passport'

12/12/2018Creating a volunteer 'passport'

By utilising the health service’s volunteers, we can deliver better care for everyone, argues Kay Fawcett OBE, clinical project lead at Hel... more >
Right people, right place, right now

12/12/2018Right people, right place, right now

Sean Duggan, chief executive of the Mental Health Network, raises concerns around the mental health workforce and shares some best practice from ... more >
Breaking down barriers to integration

12/12/2018Breaking down barriers to integration

Anne Marie Morris, member of the Public Accounts Committee (PAC) and MP for Newton Abbott, outlines the committee’s recent report on the ba... more >
An attack on them is an attack on us all

12/12/2018An attack on them is an attack on us all

Chris Bryant MP discusses the new law he championed that came into effect in September, which doubles jail time for anyone who assaults emergency... more >

interviews

How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

24/10/2018How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

A dedicated national social care service could be a potential solution to surging demand burdening acute health providers over the winter months,... more >
RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

24/10/2018RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

The president of the Royal College of Physicians (RCP) has told NHE that the college’s new headquarters based in Liverpool will become a hu... more >
Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >
Cutting through the fake news

22/11/2017Cutting through the fake news

In an era of so-called ‘fake news’ growing alongside a renewed focus on reducing stigma around mental health, Paul Farmer, chief exec... more >

health service focus

View all News