NHS is still under-investing in security

In May 2017, hospital trusts around the UK were hit by the WannaCry ransomware virus. As a result, doctors were forced to cancel an average of 19,000 appointments, leaving the health service with a whopping bill of £93 million. What’s more, the incident prompted the government to pledge £150 million towards improving security within the health service.

According to a recent report, however, many trusts are yet to invest more in security. At Imperial College London, researchers are expressing concerns that despite progress being made since the attack, outdated computer systems, lack of investment and a deficit of skills and cyber awareness mean that many hospitals continue to be vulnerable to attacks.

“Since the WannaCry attack in 2017, awareness of cyber-attack risk has significantly increased,” said Dr Saira Ghafur, lead author of the report. “However we still need further initiatives and awareness, and improved cybersecurity ‘hygiene’ to counteract the clear and present danger these incidents represent.”

The report warns that the continuation of ransomware attacks could once again leave medical staff with no access to their systems and unable to provide patient care. It also warns that new attacks could compromise life-saving medical equipment or lead to the theft of patient data.

The authors of the report noted that NHSX, a new technology unit founded by health secretary Matt Hancock, would be given the task of clarifying which individuals in the NHS are responsible for cybersecurity.

Although the National Cyber Security Centre has provided NHS trusts with assistance in the past and NHS Digital offers technical advice, hospitals are responsible for their own security setup. According to the report, to mitigate the threat, trusts should be allocating funding towards employing cybersecurity experts and introducing firewalls to contain the attacks.

Lord Darzi, the head of Imperial’s Institute of Global Health Innovation, said: “We are in the midst of a technological revolution that is transforming the way we deliver and receive care. But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel.”

A spokesperson for NHSX commented: “The NHS is determined to keep its systems safe from cyber attack and every part of the NHS is given clear direction to protect their own systems and the information they hold whilst nationally cyber defences are in place, led by NHS Digital working closely with the National Cyber Security Centre.

“There is still much to do, which is why an extra £150m is boosting hospital defences alongside a national deal on Microsoft licences and NHSX will be setting national strategy and mandating cybersecurity standards so that local NHS and social care systems have security designed in from the start.”