MPs criticise delays in strengthening NHS cyber defence capabilities

MP and Public Accounts Committee Chair Meg Hillier has said delays in strengthening cyber resilience across health and care following the WannaCry attack are ‘alarming’.


[London, UK] The Public Accounts Committee (PAC) is urging the Department of Health and Social Care (DHSC) and its arm’s-length bodies to provide an update on plans to strengthen cyber defence capabilities across the system before the end of June.  

In February this year, the DHSC, NHS England and NHS Improvement published a ‘lessons learned’ review assessing the impact of the WannaCry attack from May 2017, which disrupted services at more than a third of NHS trusts and led to nearly 20,000 appointments and operations being cancelled. 

The report outlined 22 recommendations to address known vulnerabilities, but delays in the implementation phase have been described as 'alarming' by MP and Chair of the PAC Meg Hillier. 

Earlier this month, BJ-HC reported that the department was looking for a new deputy director of cybersecurity to lead this project. 

“I am struck by how ill-prepared some NHS trusts were for WannaCry, in many cases failing to act on warnings to patch exposed systems because of the anticipated impact on other IT and medical equipment,” Hillier said. 

The DHSC has not provided an estimate of the financial implications of the WannaCry incident, which the PAC said was 'hindering its ability to target’ cybersecurity investment. 

Hillier argued that WannaCry was simply a ‘foretaste of the devastation that could be wrought by a more malicious and sophisticated attack’. 

“When it comes, the UK must be ready,” the MP added. 

Rob Bolton, Infoblox Director of Western Europe, said:

“As WannaCry demonstrated, vulnerable operating systems and software, in addition to rogue devices on the network, pose a significant threat to hospital services. 

"While there is a significant challenge and cost that must be managed with regards to such a project, the PAC is right to highlight the turbulent cyber threat landscape and encourage NHS organisations to secure its IT environment against similar attacks in the future.”

Related content:

NHS Digital criticised for sharing data with Home Office after ongoing concerns


Leontina Postelnicu

To share tips, news or announcements, contact the writer on

Related News

DHSC inks deal with Microsoft amid increasing cyber concerns

Health and Social Care Secretary Jeremy Hunt says the new deal will ensure the NHS uses 'the latest and most resilient software available'...

A look at cybersecurity across the NHS after the WannaCry attack

Building cyber resilience across the NHS

NHS Digital issues £20m tender for Security Operations Centre

New centre to ‘enhance’ NHS Digital’s CareCERT services