On Friday, 27 October, the National Audit Office (NAO) published a report on the “WannaCry” ransomware attack that hit the NHS earlier this year. The ransomware, which also affected a wide variety of businesses around the world, led to disruption in at least 34% of Trusts in England, with 37 infected and locked out of devices and 44 more disrupted either due to precautions or related systems. Responding to the attack were a number of organisations including NHS England, NHS Digital, NHS Improvement, the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA).
The report covers the effects on health services (restricted to England and discounting WannaCry’s effects on other sectors) and outlines some of the lessons learned from the attack.
The findings of the report highlight failings throughout the UK health services and detail a lack of preparedness, awareness and resilience. Some key failings listed by the NAO include:
It is important to recognise that the NHS was not the only organisation that suffered severely from the ransomware attack. It was a security breach on a scale that had not been witnessed before. However, the lack of preparation at a local level was worrying, and it is clear that the WannaCry attack was a wake-up call for all organisations, of all sizes, not just the NHS.
techUK, through its Cyber in Healthcare working group, will be taking a closer look at the cyber challenges facing the NHS over the next year and looks forward to working with members and NHS Digital to ensure that the NHS is resilient to cyber threats.