Post WannaCry, NHS Seeks New Cyber-Security Deputy

The Department of Health and Social Care had posted an job opening for ‘Deputy Director for cyber Security’.

The successful candidate will be expected to oversee “the £200m programme to improve data and cyber security resilience, and adjusting the focus as new risks emerge.”

The role is hugely important considering how badly the global WannaCry ransomware attack damaged NHS trusts across the United Kingdom.

Deputy director

The job opening was listed on the Civil Service website, and will be based in around the Leeds and Humber area, including London. It will pay up to £75,000 per annum in salary.

“This is an exciting opportunity to lead the Government’s policy agenda on data and cyber security, taking forward a significant programme of work to ensure that health and social care organisations proactively mitigate the threat relating to data and cyber security and measurably improve overall resilience,” said the posting.

The Deputy Director for cyber Security role will essentially place the candidate in charge of overseeing the £200m NHS programme to improve data and cyber security resilience.

“The role will require significant personal judgement to manage significant cyber incidents effectively, prioritise and adjust focus based on emerging threats, local intelligence and ongoing live incidents; as well as in working with Ministers and Arms Length Bodies (ALBs),” said the posting.

Only those with “excellent commercial and financial insight, with proven ability to seek out efficiency and value for money,” need apply.

Having good knowledge and understanding of HM Government coupled with an ability to confidently navigate Whitehall, will also help matters.

Damning report

The candidate will certainly have his or her work cut out for them.

Last October, the National Audit Office (NAO) criticised both the NHS and the Department for Health saying it could have avoided the devastating effects of the “relatively unsophisticated” WannaCry ransomware outbreak in May that year.

The NAO found the attack had resulted in a staggering 19,500 medical appointments being cancelled across the NHS.

Additionally, the attack resulted in PCs at 600 GP surgeries being locked, and five hospitals were forced to divert ambulances elsewhere.

The NAO report found that the NHS had been warned about the risks of cyber attacks a year before the WannaCry attack in May 2017, but it only responded with a written report in July 2017.

The damage from the WannaCry attack would have been much worse but for the actions of young security researcher, Marcus Hutchins. He found and activated a “kill switch” that prevented future infections from locking devices.

Hutchins was subsequently arrested in the United States and has pleaded not guilty to charges of developing and distributing the ‘Kronos’ banking malware.

NHS Lanarkshire was one worst-hit health authorities in Scotland, and it admitted that it had failed to ensure its IT systems were fully patched with a vital security update, which left it vulnerable to the attack.

Matters were not helped by the fact that it was still using 395 PCs that ran Windows XP – support for which had ended back in 2014.

Do you know all about security? Try our quiz!