NHS ‘must get its act together’ over cyberattack threat, says Government watchdog

Posted On: 
27th October 2017

The NHS must urgently heed warnings of threats to its computer systems or face an even larger cyberattack than the ‘WannaCry’ breach in May, the Government’s spending watchdog has warned.

The WannaCry attack in May was the largest ever on the health service
PA Images

The National Audit Office hit out at the health service for failing to prevent the ransomware attack earlier this year, despite warnings as early as 2014 that their systems were vulnerable to hackers.

A report by the body found “critical alerts” had been issued by NHS digital calling on departments to update and safeguard their systems, while NHS Providers, which represents hospitals, warned that further attacks were ‘inevitable’.

Jeremy Hunt ‘was warned last year’ of NHS cyber-attack risk

Home Secretary confirms patient data is secure in NHS hack

Jeremy Hunt accuses Labour of ‘politicising’ NHS hacking

The head of the NAO also previously urged the service to boost its protection, ahead of the largest attack on the NHS to date – which infected computers at 81 health trusts and 600 GP surgeries across the country.

NHS England found that just under 7,000 appointments - including those of 139 cancer patients – were confirmed as cancelled as a result of the hack, with over 19,000 thought to have been affected.

The NAO said the NHS "has accepted that there are lessons to learn" from WannaCry and has committed to ensuring that critical cyber-security updates are carried out.

The body's auditor general, Sir Amyas Morse said: “The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients.”

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.

“There are more sophisticated cyber threats out there than WannaCry so the Department of Health and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Shadow Health Secretary, Jon Ashworth, said: “This report reveals a catalogue of failures which needlessly left our NHS vulnerable and placed patient safety at risk.

“The Government must now outline as a matter of priority what action it is taking to keep patients safe this winter and beyond.”

Dan Taylor, NHS Digital's Head of Security, said: “We learned a lot from WannaCry and are working closely with our colleagues in other national bodies to continue to listen, learn and offer support and services to frontline organisations.”

Ben Clacy, Director of development and operations at NHS Providers, said: “The NHS is taking steps at national and local level to prepare for the next attack. Part of this is to ensure that trusts apply software patches and keep anti-virus software up to date."