ad: Annual 2024 Now Open For Entries!
*

Lack of accountability and investment blamed for NHS cyber attack

Published by

A “lack of accountability and investment” in cyber security measures has been blamed for the recent so-called 'Wannacry' virus that hit NHS IT systems in the UK last month in a report released today by the Chartered Institute for IT (BCS). The report arrives following a similar, but more limited attack that hit a number of UK based companies, including WPP, earlier this week. Whilst doing the best with the limited resources available, the report suggests that some hospital IT teams lacked access to trained, registered and accountable cyber-security professionals with the power to assure hospital Boards that computer systems were fit for purpose.

The healthcare sector has struggled to keep pace with cyber-security best practice and with a systemic lack of investment, ultimately, according to David Evans, Director of Community & Policy at the BCS, the Wannacry attack was an, “inevitability.” Mr Evans explains: “Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world. Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the Wannacry ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future.”

The BCS has joined forces with the Patient’s Association, the Royal College of Nursing, BT and Microsoft to produce a blueprint that outlines the steps NHS trusts should be taking to avoid another crippling cyber-attack. Top of the list is ensuring there are clearly defined standards for accrediting relevant IT professionals. The NHS Boards are being urged to ensure they understand their responsibilities, and how to make use of registered cyber security experts, and have been told that the number of properly qualified and registered IT professionals needs to be increased. The blueprint is effectively a roadmap for creating a ‘cyber safe NHS’ centred on training and accrediting more cyber security professionals in healthcare. Other priorities identified include ‘inducting boards’ on cyber issues, and commissioning original research.

It is not acceptable that where good practice exists, it is not used – especially where lives are put in danger. This is a systemic issue, and we need a systemic solution”

It's not only the lack of trained IT staff that's the issue, of course. The actual hardware are software used by the vast majority of NHS employees is woefully underpowered and old hat. National Audit Office cyber security expert, Tom McDonald, last week published a post stating that: “The NHS was vulnerable to this malware largely because its software was old and hadn’t been ‘patched’ against a known vulnerability. In other words, this was an avoidable problem.” Updating system software is something that all companies should be doing on a regular basis, particularly if that company is in charge of the nation's health.

Of course, the NHS is already underfunded (and, many would argue, underhandedly being sold off to private firms by a Tory government that just gave its magic money tree away to the DUP), and in order to work effectively to this blueprint, we'd need to see not only a better management of resources and a monumental systems update, but more funding in general, because those extra IT professionals won't work for free.

Almost 50 NHS Trusts were hit last month by the Wannacry cyber attack. It meant computers were encrypted and unusable in many areas of the health service, with hackers threatening that valuable files would be lost forever unless a ransom was paid. It led to operations and appointments being cancelled, with patients still being diverted from accident and emergency departments six days later. It was a complete disaster for the NHS and, in my eyes, underlined just how serious the situation is with our beloved National Health Service and how exposed we all are currently to the darker elements of the world wide web.

Benjamin Hiorns is a freelance writer and musician from Kidderminster in the UK. The blueprint mentioned above can be read, in full, HERE.

Comments

More Leaders

*

Leaders

Inspiring Female Leaders: An Interview with RAPP CEO Gabrielle Ludzker

Gabrielle Ludzker is not just any CEO. The current head honcho at customer experience agency RAPP has spent her career breaking away from the traditional corporate CEO stereotype. and leads to inspire rule breakers. Gabby is an inspirational rule...

Posted by: Benjamin Hiorns
ad: Annual 2024 Now Open For Entries!