NHS slammed for lack of security action, one year after WannaCry


Almost a year has passed since the NHS fell victim to the WannaCry ransomware attack and, according to a report by MPs, the UK's health service has yet to agree on an action plan to prevent similar attacks in the future.

Last June, hospitals across the country were in disarray in the wake of the attack, which caused 20,000 appointments and operations to be cancelled. In response, the Chief Information Officer of the NHS was commissioned to carry out a review of the WannaCry attack and recommend how the health service could strengthen its cyber security.

However, these plans have yet to be implemented or even agreed upon, as the Department of Health does not know how much the recommendations will cost or when they will be implemented.

The Public Accounts Committee also found that many NHS organisations still have a lot to do to improve their own cyber security, as 200 NHS trusts recently failed an on-site assessment for cyber security resilience.

While some NHS providers considered the assessment to be too demanding, a number of trusts failed simply due to not patching their systems, which, ironically, is what led to the WannaCry attack causing so much chaos in the first place.

Committee chair Meg Hillier stressed that WannaCry could have been much worse and that the government must prepare much more thoroughly for future attacks, saying:

“The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plan of the NHS. But the impact on patients and the service more generally could have been far worse and government must waste no time in preparing for future attacks – something it admits are now a fact of life. It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”
