Categories: SecurityWorkspace

MPs: A Year After WannaCry, NHS Must Take ‘Urgent’ Security Action

MPs have criticised the government and the NHS for failing to put measures into place that could prevent attacks similar to the WannaCry malware incident nearly one year ago.

WannaCry, which affected more than 200,000 computers in at least 100 countries, caused the NHS to cancel nearly 20,000 hospital appointments due to the disruption.

The Health and Social Care chief information officer made 22 recommendations to prevent future disruption of the same kind in a report published in February, but the Public Accounts Committee (PAC) said it was “alarming” that no concrete action had yet been taken since then.

More specifically, the PAC said the Department of Health and Social Care (DHSC) still did not know what the proposals would cost or when they would be implemented.


The PAC’s report said the DHSC and NHS bodies had been “unprepared” for WannaCry, which affected 80 out of 236 NHS trusts in England and another 603 NHS bodies, including 595 GP practices.

The NHS had been “lucky” more disruption had been averted when the malware was, by chance, neutralised relatively quickly.

PAC chair Meg Hillier said WannaCry had “laid bare” serious vulnerabilities in the NHS.

“Government must waste no time in preparing for future cyber-attacks – something it admits are now a fact of life,” she said. “It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”

MPs said the DHSC and the NHS should urgently agree and implement cyber-security plans and provide an update to the committee in June.

The DHSC said the health service had improved its cyber-security since last May’s attack.

“We have supported that work by investing over £60m to address key cyber-security weaknesses – and plan to spend a further £150m over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents,” the department said in a statement.

A report by the National Audit Office in October found the NHS could have avoided WannaCry disruption if it had followed basic security recommendations.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Fiber Plans US Network Expansion – Report

Google Fiber resurfaces. Network to be expanded to offer speedy internet connectivity to cities in…

2 hours ago

Samsung Unveils Two New Folding Smartphones

Foldable updates from Samsung. include new versions of its pocket sized square (Galaxy Z Flip…

3 hours ago

Facebook At Centre Of US Teenager Home Abortion Case

Court documents show Facebook provided police in the US state of Nebraska with a teenager's…

6 hours ago

President Biden Signs $53 Billion US Chips Act

President Joe Biden signs landmark bill to encourage chip makers to build more semiconductor manufacturing…

7 hours ago

WhatsApp Update To Allow Users To Leave Groups Silently

Privacy changes to WhatsApp. No more blanket notifications to a group if a user decides…

8 hours ago