Public Accounts Committee launches inquiry into WannaCry attack

The Public Accounts Committee will examine the WannaCry attack in a new inquiry as the Department for Digital, Culture, Media and Sport releases the response to a consultation launched in 2017 to shape implementation of the Security of Network and Information Systems directive.

[London, UK] The Public Accounts Committee has launched an inquiry into the WannaCry attack from May 2017 and its impact on NHS services.

The committee will take evidence from NHS England, NHS Digital, NHS Improvement and the Department of Health, looking at their response to the cyber incident and actions taken to strengthen security measures in the face of emerging threats.

The National Audit Office’s investigation into WannaCry found that 34% of NHS trusts were affected by the ransomware attack, with 37 directly infected and a further 44 experiencing disruption to services after having to shut down IT systems as a precaution.

The first evidence session will take place on 5 February.

The Department for Digital, Culture, Media and Sport (DCMS) has also published today the response to a consultation launched in 2017 to shape implementation of the Security of Network and Information Systems (NIS) directive.

DCMS has now confirmed that the maximum fine for energy, transport, water and health firms that do not have the ‘most robust safeguards in place against cyber-attacks’ has been set at £17m.

“Fines would be a last resort and will not apply to operators which have assessed the risks adequately, taken appropriate security measures and engaged with regulators but still suffered an attack,” DCMS said.

Other plans include the development of a ‘simple, straightforward’ system to simplify reporting of cybersecurity intrusions, hardware failures or power outages.

“Under the new measures recent cyber breaches such as WannaCry and high profile systems failures would be covered by the Network and Information Systems (NIS) Directive,” it was added.

The National Cyber Security Centre (NCSC) has also published detailed guidance to help organisations comply with new measures and existing standards.  

Minister for Digital and the Creative Industries Margot James said:

“Today we are setting out new and robust cyber security measures to help ensure the UK is the safest place in the world to live and be online.

“We want our essential services and infrastructure to be primed and ready to tackle cyber attacks and be resilient against major disruption to services.

“I encourage all public and private operators in these essential sectors to take action now and consult NCSC’s advice on how they can improve their cyber security.”

The NIS directive is part of the government’s £1.9bn strategy for national cybersecurity.

Related content:

DCMS warns poor cybersecurity could lead to £17m fines

Related News

NHS Digital should appoint a national Chief Information and Security Officer, review finds

Review sets out recommendations to strengthen cyber resilience across health and care

NHS Digital signs new deal with Microsoft to boost cyber-resilience

NHS Digital steps up efforts to strengthen cyber-defence capabilities across the health system

New £13.5m cyber innovation centre to be opened in London

Plexal will run the new centre, located in the Queen Elizabeth Olympic Park