NHS IT, Records and Data

18.04.18

Cyber security plans impossible as NHS still in dark about WannaCry

The WannaCry cyber-attack on 12 May 2017 was a wake-up call for the NHS and the Department of Health and Social Care (DHSC) must now act on priorities by June this year, the Public Accounts Committee (PAC) has argued.

The attack caused widespread disruption to health services, with more than a third of trusts affected by the ransomware. The NHS had to cancel almost 20,000 hospital appointments and operations as patients were diverted from the five A&E departments that were unable to treat them.

If the attack had not happened on a Friday afternoon in the summer and the kill switch to stop the virus spreading had not been found relatively quickly, then the disruption could have been much worse, MPs claimed.

PAC said the DHSC and its arm’s-length bodies were unprepared for the relatively unsophisticated WannaCry threat and that they had not shared and tested plans for responding to a cyber-attack, nor had any trust passed a cyber security inspection.

To make matters worse, the department still does not know what financial impact the WannaCry cyber-attack had on the NHS, which is hindering its ability to target its investment in cyber security.

The committee said that, even though lessons have been learnt from the attack, the department and NHS bodies have a lot of work to do to improve cyber-security for when, and not if, there is another attack.

MPs urged the DHSC to provide the committee with an update by the end of June at the latest.

PAC chair Meg Hillier said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS.

“Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS. Cyber security investment cannot be properly targeted unless this information is collected and understood.”

Meanwhile, Hillier added, this case should serve as a warning to the whole of government: a “foretaste of the devastation that could be wrought by a more malicious and sophisticated attack.”  When this comes, the UK must be ready, she argued.

Responding to the report, the director of development and operations at NHS Providers, Ben Clacy, said: “The PAC rightly acknowledges that lessons have been learned by the NHS bodies and the DHSC, including how they communicate with trusts and the public. Trusts have also taken further steps to ensure they are applying software patches and keeping anti-virus software up to date.

“However, with no indication that there will be the capital available to carry out the required upgrades and changes, progress is being hampered. Cyber security must be a priority so it is vital that the capital investment needed is protected from plugging gaps in day to day spending.” 

Clacy concluded: “It is also worth remembering that this attack was not specific to the NHS. It affected thousands of computers in hundreds of countries.”

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

NHS wins landmark drug ruling which could save millions of pounds

21/09/2018NHS wins landmark drug ruling which could save millions of pounds

The NHS has won a landmark legal battle which could save the health service “hundreds of millions a year” after defeating two interna... more >
Partnership forged between pharma body and academic health network in new five-year deal

21/09/2018Partnership forged between pharma body and academic health network in new five-year deal

A new five-year partnership aimed at accelerating the introduction and uptake of transformative biomedical innovations in the NHS has been agreed... more >
Trust chief executive resigns amidst infanticide investigation

21/09/2018Trust chief executive resigns amidst infanticide investigation

The chief executive of the Countess of Chester Hospital FT (COCH) has resigned amid an ongoing police investigation into eight baby deaths in its... more >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital exemplars who were revealed at the same show 12 months earlier.  Jeremy Hunt also stated th... read more >

last word

Hard to be optimistic

Hard to be optimistic

Rachel Power, chief executive of the Patients Association, warns that we must be realistic about the very real effects of continued underfunding across the health service. It’s now bey... more > more last word articles >

the scalpel's daily blog

Lord Darzi: Seize the opportunity

19/09/2018Lord Darzi: Seize the opportunity

Professor the Lord Darzi of Denham is the Paul Hamlyn chair of surgery at Imperial College, a surgeon working in the NHS and, from 2007-09, was health minister under Labour. Here, he highlights the importance of innovation in the NHS, and the exciting prospects it might bring if we’re brave enough to seize the opportunities ahead. S... more >
read more blog posts from 'the scalpel' >

comment

The Hospital Energy Project

19/09/2018The Hospital Energy Project

The Hospital Energy Project is an ambitious engineering scheme to replace outdated systems at Oxford University NHS FT’s hospitals and redu... more >
Social media's role in health

19/09/2018Social media's role in health

Social media has a massive role to play in health – infection prevention and control in particular, write Brett Mitchell, professor of nurs... more >
Dickson: Hancock finds an NHS in need of digital rebirth

19/09/2018Dickson: Hancock finds an NHS in need of digital rebirth

Niall Dickson, chief executive of the NHS Confederation, takes a look at Matt Hancock's priorities and agenda around workforce, technology and pr... more >
GDEs: Never stop learning

19/09/2018GDEs: Never stop learning

Paul Charnley, director of IT and information at Wirral University Teaching Hospital NHS FT, discusses what his organisation has learnt from bein... more >

interviews

Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >
Cutting through the fake news

22/11/2017Cutting through the fake news

In an era of so-called ‘fake news’ growing alongside a renewed focus on reducing stigma around mental health, Paul Farmer, chief exec... more >
Tackling infection prevention locally

04/10/2017Tackling infection prevention locally

Dr Emma Burnett, a lecturer and researcher in infection prevention at the University of Dundee’s School of Nursing and Midwifery and a boar... more >
Scan4Safety: benefits across the whole supply chain

02/10/2017Scan4Safety: benefits across the whole supply chain

NHE interviews Gillian Fox, head of eProcurement (Scan4Safety) programme at NHS Supply Chain. How has the Scan4Safety initiative evolved sin... more >

health service focus

View all News