06.02.18
NHS cyber-attack fears return as all tested trusts fail assessments
None of the trusts tested for cyber security vulnerabilities have passed inspection, NHS Digital bosses have revealed today.
Out of 200 trusts assessed, not one was up to the standards set by inspectors, prompting fears the system could be unprepared for an attack similar to last year’s WannaCry incident.
The revelation came at a meeting of the Public Accounts Committee (PAC) where NHS Digital deputy chief executive Rob Shaw, said there was still a “considerable amount” of work left to do to reach standards for cyber security.
Shaw explained that the issue was around ‘patching’ but reassured ministers that the standards set by the county’s digital guardian, Dame Fiona Caldicott, would take time to reach.
He added: “The amount of effort it takes from NHS Providers in such a complex estate to reach the ‘cyber essentials plus standard’, that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar.
“So, some of them have failed purely on patching which is what the vulnerability was around WannaCry.”
The WannaCry attack that began on May 12 is thought to have affected 81 trusts across the country, plus computers at almost 600 GP surgeries, according to the National Audit Office (NAO).
The programme locked users out of their machines and demanded $300 in return for access to the computer’s hard drive.
Shaw said NHS Digital had made inspections into 200 trusts since the attack, a significant rise on approximately 90 trusts assessed before the incident.
“I always take it better to have information to know where your vulnerabilities are so that you can do something about it rather than hope that you will be okay when you do get an attack,” he explained.
“So, these vulnerability reports go back to the trusts and their trust boards to be able to work out how they can then do mitigation.
“Some need to do quite a considerable amount of work but a number of them are already on the journey that will take them towards meeting that requirement.”
Top image: scyther5
Have you got a story to tell? Would you like to become an NHE columnist? If so, click here.