A panel of experts have stated that they believe further NHS cyber-attacks – like 2017’s WannaCry – are an inevitability
Another cyber attack on the NHS is inevitable, according to experts speaking at a Guardian event earlier this week.
The Guardian‘s technology reporter, Alex Hern, talked about the impact of last year’s WannaCry attack on hospitals and GP surgeries, while IT specialists and politicians considered how to protect the NHS from future attacks.
WannaCry led to 19,500 appointments being cancelled and left 600 practices without IT systems at all. 81% of the NHS was affected.
Meg Hillier, MP for Hackney South and Shoreditch, said that as well as a shortage of IT skills in the NHS workforce, there was an leadership was a problem.
“A chief executive has a lot of pressures put on them,” she said. “It’s a challenge: what are you going to pay for? You don’t see any particular benefit for patients if you invest in a good IT system – it’s not a big enough issue and not an instant win in a world of winter pressures.”
She added that many NHS staff do not trust their IT systems.
Ben Clacy, director of development and operations at NHS Providers, said: “I’ll always be terrified that [an attack similar to WannaCry] will happen again. We’re not doing enough [to prevent it] and there’s more we can do.”
A report by the National Audit Office discovered that WannaCry could have been prevented by basic IT practices. It also discovered that before the attack, NHS Digital carried out cybersecurity assessments at 88 health trusts in England – none of them passed and no further action could be forced.
Participants of the event highlighted areas for improving NHS IT systems. Chris Flynn, head of cyber and information security operations at NHS Digital, said that the organisation is setting up a data security programme and has taken on board feedback from trusts about the common challenges and vulnerabilities that need to be addressed.