Investment in NHS cyber security must be a priority
18 April 2018
- The Public Accounts Committee publishes a report into the WannaCry cyber-attack.
- The report indicates that lessons have been learned but warns that there is still much work to do to protect the NHS against future attacks.
- NHS Providers says cyber-security must be a priority so it is vital that we protect capital investment.
The Public Accounts Committee has published its report and recommendations in response to the WannaCry ransomware attack which affected the NHS in May last year.
The report argues that although the Department of Health and Social Care and the NHS bodies have learned lessons from WannaCry, there is still a lot of work to do to improve cyber-security for when there is another attack.
Responding, the director of development and operations at NHS Providers, Ben Clacy said:
“As we approach the anniversary of the WannaCry attack, it is absolutely right that we continue to learn important lessons and strengthen how the NHS responds to inevitable future attacks.
“This attack affected around 80 NHS trusts and led to thousands of operations being cancelled. We must recognise the commitment, resilience and resourcefulness of NHS staff who worked around the clock to minimise the impact of the attack on patients.
With no indication that there will be the capital available to carry out the required upgrades and changes, progress is being hampered.
“The Public Accounts Committee rightly acknowledges that lessons have been learned by the NHS bodies and the Department of Health and Social Care, including how they communicate with trusts and the public. Trusts have also taken further steps to ensure they are applying software patches and keeping anti-virus software up to date.
“However, with no indication that there will be the capital available to carry out the required upgrades and changes, progress is being hampered. Cyber security must be a priority so it is vital that the capital investment needed is protected from plugging gaps in day to day spending.
“It is also worth remembering that this attack was not specific to the NHS. It affected thousands of computers in hundreds of countries.”