Categories: SecurityWorkspace

MPs: A Year After WannaCry, NHS Must Take ‘Urgent’ Security Action

MPs have criticised the government and the NHS for failing to put measures into place that could prevent attacks similar to the WannaCry malware incident nearly one year ago.

WannaCry, which affected more than 200,000 computers in at least 100 countries, caused the NHS to cancel nearly 20,000 hospital appointments due to the disruption.

The Health and Social Care chief information officer made 22 recommendations to prevent future disruption of the same kind in a report published in February, but the Public Accounts Committee (PAC) said it was “alarming” that no concrete action had yet been taken since then.

More specifically, the PAC said the Department of Health and Social Care (DHSC) still did not know what the proposals would cost or when they would be implemented.

‘Unprepared’

The PAC’s report said the DHSC and NHS bodies had been “unprepared” for WannaCry, which affected 80 out of 236 NHS trusts in England and another 603 NHS bodies, including 595 GP practices.

The NHS had been “lucky” more disruption had been averted when the malware was, by chance, neutralised relatively quickly.

PAC chair Meg Hillier said WannaCry had “laid bare” serious vulnerabilities in the NHS.

“Government must waste no time in preparing for future cyber-attacks – something it admits are now a fact of life,” she said. “It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”

MPs said the DHSC and the NHS should urgently agree and implement cyber-security plans and provide an update to the committee in June.

The DHSC said the health service had improved its cyber-security since last May’s attack.

“We have supported that work by investing over £60m to address key cyber-security weaknesses – and plan to spend a further £150m over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents,” the department said in a statement.

A report by the National Audit Office in October found the NHS could have avoided WannaCry disruption if it had followed basic security recommendations.

Do you know all about security? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Amazon To Shutter Sites In Unionised Province In Canada

1,700 jobs to be lost in Quebec, as Amazon says it will close seven sites…

15 hours ago

Google Wins UK Injunction To Halt Russian Enforcement Of Judgements

Google wins permanent injunction from London's High Court to prevent enforcement of Russian YouTube judgements

17 hours ago

Tech Giants Announce $500 Billion AI Plan In US

OpenAI, SoftBank, Oracle and others form joint venture called 'The Stargate Project' – to build…

18 hours ago

CMA Chair Replaced By Government Amid Growth Drive

Government replaces chairman of the competition watchdog with former Amazon boss, amid Labour's “growth” drive…

19 hours ago

Google Invests $1 Billion in AI Startup Anthropic

More investment into OpenAI rival Anthropic, after Google reportedly makes fresh investment of more than…

22 hours ago

The State of Additive Manufacturing: Head-to-Head

Explore insights from Mathieu Pérennou, Additive Manufacturing Solutions Director at Hexagon, on how 3D printing…

23 hours ago