Skip to main content

NHS to ignore post-WannaCry security recommendations

(Image credit: Image source: Shutterstock/Wichy)

The NHS's IT governing body is refusing to invest in cybersecurity protection as it does not represent value for money, reports have claimed.

According to the Health Service Journal (opens in new tab), NHS Digital is set to ignore the recommendations laid out in a government-sanctioned report authored by its own CIO due to the costs being too high.

Will Smart’s recommendations would set NHS Digital back between £800 million and £1 billion, and came after a February review, commissioned by the government. 

This followed the WannaCry attack, which saw the NHS being one of the organisations hit the hardest.

Smart’s recommendations were also endorsed by the National Cyber Security Centre (NCSC).

But it’s not just about WannaCry. The NHS is being bombarded with malware and ransomware on regular basis. Computing says there’s a malware called Orangeworm, which ‘specifically targets sensitive healthcare data’, and which has been attacking NHS for some time now. There are also fake sites that look like the NHS one, trying to syphon sensitive data out of unsuspecting visitors.

Also, more than 200 NHS Digital’s medical devices with an internet connection have been compromised, and that 80 per cent of NHS trusts didn’t respond to the ‘high severity’ cyber alert issued back in April.

The Health Service Journal (opens in new tab) approached the Department for Health and Social Care, asking if the NHS will meet the ‘cyber essentials’. A spokesman said: “The health service has improved its cyber security since the attack, and we have supported this work by investing over £60 million to address key cyber security weaknesses. We plan to spend a further £150 million over the next two years.”

Image source: Shutterstock/Wichy

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.