NHS to ignore post-WannaCry security recommendations


The NHS's IT governing body is refusing to invest in cybersecurity protection as it does not represent value for money, reports have claimed.

According to the Health Service Journal, NHS Digital is set to ignore the recommendations laid out in a government-sanctioned report authored by its own CIO due to the costs being too high.

Will Smart’s recommendations would set NHS Digital back between £800 million and £1 billion, and came after a February review, commissioned by the government. 

This followed the WannaCry attack, in which the NHS was one of the organisations hit the hardest.

Smart’s recommendations were also endorsed by the National Cyber Security Centre (NCSC).

But it’s not just about WannaCry. The NHS is being bombarded with malware and ransomware on a regular basis. Computing says there’s malware called Orangeworm, which ‘specifically targets sensitive healthcare data’, and which has been attacking the NHS for some time now. There are also fake sites that look like the NHS one, trying to syphon sensitive data out of unsuspecting visitors.

Also, more than 200 of NHS Digital’s medical devices with an internet connection have been compromised, and 80 per cent of NHS trusts didn’t respond to the ‘high severity’ cyber alert issued back in April.

The Health Service Journal approached the Department for Health and Social Care, asking if the NHS will meet the ‘cyber essentials’. A spokesman said: “The health service has improved its cyber security since the attack, and we have supported this work by investing over £60 million to address key cyber security weaknesses. We plan to spend a further £150 million over the next two years.”
