MPs criticise delays in strengthening NHS cyber defence capabilities
[London, UK] The Public Accounts Committee (PAC) is urging the Department of Health and Social Care (DHSC) and its arm’s-length bodies to provide an update on plans to strengthen cyber defence capabilities across the system before the end of June.
In February this year, the DHSC, NHS England and NHS Improvement published a ‘lessons learned’ review assessing the impact of the WannaCry attack from May 2017, which disrupted services at more than a third of NHS trusts and led to nearly 20,000 appointments and operations being cancelled.
The report outlined 22 recommendations to address known vulnerabilities, but delays in the implementation phase have been described as 'alarming' by MP and Chair of the PAC Meg Hillier.
Earlier this month, BJ-HC reported that the department was looking for a new deputy director of cybersecurity to lead this project.
“I am struck by how ill-prepared some NHS trusts were for WannaCry, in many cases failing to act on warnings to patch exposed systems because of the anticipated impact on other IT and medical equipment,” Hillier said.
The DHSC has not provided an estimate of the financial implications of the WannaCry incident, which the PAC said was 'hindering its ability to target’ cybersecurity investment.
Hillier argued that WannaCry was simply a ‘foretaste of the devastation that could be wrought by a more malicious and sophisticated attack’.
“When it comes, the UK must be ready,” the MP added.
Rob Bolton, Infoblox Director of Western Europe, said:
“As WannaCry demonstrated, vulnerable operating systems and software, in addition to rogue devices on the network, pose a significant threat to hospital services.
"While there is a significant challenge and cost that must be managed with regards to such a project, the PAC is right to highlight the turbulent cyber threat landscape and encourage NHS organisations to secure its IT environment against similar attacks in the future.”