Categories: SecurityWorkspace

Study: NHS ‘Remains Vulnerable’ To WannaCry-Style Cyber-Attacks

Researchers at Imperial College London have said that the NHS remains vulnerable to cyber-threats such as WannaCry, and called on it to take “urgent steps” to improve security.

The global WannaCry ransomware attack in May 2017 disrupted operations at around 34 NHS trusts, preventing staff from accessing patient data and carrying out critical services.

It is estimated to have cost the NHS around £92m in total, and in response the Department of Health and Social Care announced it would spend £150 million over the next three years to improve security.

The recently announced NHSX unit, which is overseeing digital transformation, is also tasked with clarifying security operations.


But these measures, while important, do not go far enough and the NHS remains vulnerable due to out-dated computer systems, a continued lack of investment and a deficit of skills and awareness in cyber-security, researchers from Imperial College London’s Institute of Global Health Innovation said in a white paper presented last week in the House of Lords.

They said more investment is needed and recommended key measures including employing cyber security professionals in IT teams, building “fire-breaks” into systems to allow for the isolation of certain segments of the structure in the event of an attack or virus infection, and instituting clear communications systems to that staff know where to get help and advice on cyber security.

New technologies are being used in health systems, including robotics, artificial intelligence, implantable medical devices and personalised medicines based on a patient’s genes, and the report’s authors said security must be designed into these technologies from the beginning.

“For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS and therefore our nation’s health are secure,” said Professor the Lord Ara Darzi, co-director of the IGHI and lead author of the study.

‘Looming threat’

“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber-attacks.”

Co-author Dr Saira Ghafur said awareness of cyber-attacks has increased since WannaCry, but that further initiatives were needed.

“Addressing the issue of cyber security will take time, as we need a shift in culture, awareness and infrastructure,” Ghafur said.

NHSX said the NHS was “determined” to keep its systems safe from cyber-attacks.

“There is still much to do, which is why an extra £150m is boosting hospital defences alongside a national deal on Microsoft licences,” the organisatio said in a statement.

“NHSX will be setting national strategy and mandating cyber security standards so that local NHS and social care systems have security designed in from the start.”

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Facebook Demands Old FTC Documents In Antitrust Battle

Fresh development in Meta's battle against US regulator, seeking to force Facebook to divest itself…

15 mins ago

Fate Of Newport Wafer Fab Uncertain, As Government Delays Sale Decision

Government delays decision over whether the UK's largest maker of chips can be purchased by…

1 hour ago

Amazon Faces UK Investigation For Suspected Anti-competitive Practices

Another probe. Busy week for the UK's CMA after it confirms investigation of Amazon over…

18 hours ago

UK Regulator Begin Probe Of Microsoft’s Activision Buyout

The CMA confirms start of investigation into Microsoft's $69 billion purchase of leading gaming holding…

20 hours ago

Online Safety Bill Tweak To Combat Russian Misinformation

Foreign interference and misinformation to be designated a priority offence under Online Safety Bill, the…

20 hours ago