latest health care news

18.04.18

Cyber security plans impossible as NHS still in dark about WannaCry

The WannaCry cyber-attack on 12 May 2017 was a wake-up call for the NHS and the Department of Health and Social Care (DHSC) must now act on priorities by June this year, the Public Accounts Committee (PAC) has argued.

The attack caused widespread disruption to health services, with more than a third of trusts affected by the ransomware. The NHS had to cancel almost 20,000 hospital appointments and operations as patients were diverted from the five A&E departments that were unable to treat them.

If the attack had not happened on a Friday afternoon in the summer and the kill switch to stop the virus spreading had not been found relatively quickly, then the disruption could have been much worse, MPs claimed.

PAC said the DHSC and its arm’s-length bodies were unprepared for the relatively unsophisticated WannaCry threat and that they had not shared and tested plans for responding to a cyber-attack, nor had any trust passed a cyber security inspection.

To make matters worse, the department still does not know what financial impact the WannaCry cyber-attack had on the NHS, which is hindering its ability to target its investment in cyber security.

The committee said that, even though lessons have been learnt from the attack, the department and NHS bodies have a lot of work to do to improve cyber-security for when, and not if, there is another attack.

MPs urged the DHSC to provide the committee with an update by the end of June at the latest.

PAC chair Meg Hillier said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS.

“Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS. Cyber security investment cannot be properly targeted unless this information is collected and understood.”

Meanwhile, Hillier added, this case should serve as a warning to the whole of government: a “foretaste of the devastation that could be wrought by a more malicious and sophisticated attack.”  When this comes, the UK must be ready, she argued.

Responding to the report, the director of development and operations at NHS Providers, Ben Clacy, said: “The PAC rightly acknowledges that lessons have been learned by the NHS bodies and the DHSC, including how they communicate with trusts and the public. Trusts have also taken further steps to ensure they are applying software patches and keeping anti-virus software up to date.

“However, with no indication that there will be the capital available to carry out the required upgrades and changes, progress is being hampered. Cyber security must be a priority so it is vital that the capital investment needed is protected from plugging gaps in day to day spending.” 

Clacy concluded: “It is also worth remembering that this attack was not specific to the NHS. It affected thousands of computers in hundreds of countries.”

Comments

There are no comments. Why not be the first?

Add your comment

national health executive tv

more videos >

featured articles

View all News

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our Last Word Q&A series. Would you talk us throu more > more last word articles >

health service focus

View all News

comment

NHS England dementia director prescribes rugby for mental health and dementia patients

23/09/2019NHS England dementia director prescribes rugby for mental health and dementia patients

Reason to celebrate as NHS says watching rugby can be good for your mental ... more >
Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Bei... more >

interviews

Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

24/10/2019Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

Today, speaking at the Royal College of General Practitioners (RCGP) annual... more >

the scalpel's daily blog

Covid-19 can signal a new deal with the public on health

28/08/2020Covid-19 can signal a new deal with the public on health

Danny Mortimer, Chief Executive, NHS Employers & Deputy Chief Executive, NHS Confederation The common enemy of coronavirus united the public side by side wi... more >
read more blog posts from 'the scalpel' >