NHS not properly investing in cyber security

According to IT Pro, the Cumbrian NHS has suffered more than 150 cyber attacks in five years, highlighting the need for better cyber security investment across the health service

As discovered via a Freedom of Information (FOI) request, NHS Cumbria has suffered over 150 cyber attacks in a five-year period.

147 of these attacks were targeted at University Hospitals of Morecambe Bay NHS Trust. The trust told the BBC that £29,600 was spent in 2017 dealing with the attacks.

The number of of attacks reported has been labelled “extraordinary” by Iain Stainton, senior lecturer in policing and criminology at the University of Cumbria.

The trust’s head of IT, Lee Coward, said that it may have reported higher numbers than others due to its rigorous reporting process.

Joseph Carson, chief security scientist at Thycotic, conversely believes the numbers are too low. “The latest reports about Cumbria health trust being hit by 147 cyber-attacks over a five year period is shockingly low, or they simply are not detecting and identifying the majority of cyber-attacks.

He added: “Cybercriminals do not want to be found and will do everything possible to stay hidden. It wouldn’t be surprising if this number was even double or triple if a thorough investigation was being done.”

Regardless, this discovery highlights the fact that the NHS on the whole isn’t taking cyber security seriously enough – even after 2017’s major WannaCry problem.

Copeland Borough Council spent £2m to recover from a separate in 2017. Mike Starkie, independent elected mayor said the council “had 60 anti-virus systems running and only three of those actually detected that there was anything in the system… none of them picked up actually what it was.”

Another FOI request found that some trusts are spending just £250 on cyber security.

Don’t forget to follow us on Twitter, or connect with us on LinkedIn!

You might also like...  GP shortage fuelled by rising numbers of part-time workers