NHS ransomware attack response condemned

April 19, 2018


The government and NHS organizations have been criticized by MPs for failing to apply measures to increase cyber-security approximately a year after a major ransomware attack on the facility.

Twenty-two recommendations were made following the WannaCry attack resulted in almost 20,000 annulled hospital appointments.

The Public Accounts Committee said it was “disturbing” these measures had still not been implemented.

The government said cyber-security in the NHS had enhanced since the attack.

The PAC account found the Division of Health and Social Care (DHSC) and NHS organizations had been “unprepared” for the international WannaCry attack, which occurred in May and impacted over and above 200,000 computers in no less than 100 countries.

‘Serious weaknesses’

A total of 80 of 236 NHS trusts throughout England experienced interruption, in addition to another 603 NHS organizations, including 595 GP practices.

MPs stated the attack might have been “much worse” and the NHS had been “fortunate” the danger had been faced swiftly.

However, they alerted future attacks might be more stylish and hateful, “leading to the theft or compromise of patient data”.

In February, the DHSC, NHS England and NHS Improvement circulated a set of 22 “lessons studied” recommendations after the cyber-attack.

Among other recommendations, the board called on the DHSC as well as NHS organizations to immediately agree on and apply cyber-security plans and provide an update on their development to the board in June.

A Division of Health and Social Care spokesman stated: “Each part of the NHS should be clear that it has learned the lessons of Wannacry.

“The health facility has upgraded its cyber-security since the attack, however, there is more work to do to safeguard data and patient care.

“We have backed that work by financing more than £60m to tackle main cyber-security vulnerabilities – and intend to devote a further £150m over the next two years to increase resilience, including setting up a new National Secure Operations Centre to increase our capability to avoid, find and react to occurrences.”

An earlier report by the National Audit Office noticed NHS trusts had been left susceptible during the attack since cyber-security recommendations had not been followed.