BCS, The Chartered Institute for IT, with the Patients Association, Royal College of Nursing and others such as IBM and Microsoft, has brought out a ‘Blueprint For Cyber Security in Health and Care’. It outlines how NHS trusts should minimise the effects of another cyber-attack.
The report claims a lack of accountability and investment in cyber-security are partly responsible for the recent WannaCry virus that hit NHS IT systems, among others.
David Evans, BCS Director of Policy, says: “Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world. Whilst doing the best with the limited resources available, it is clear that some hospital IT teams lacked access to trained, registered and accountable cyber-security professionals with the power to assure hospital Boards that computer systems were fit for purpose. The healthcare profession has struggled to keep pace with cyber-security best practice and with a systemic lack of investment, ultimately, the WannaCry attack was an ‘inevitability’.
“Unfortunately, without the necessary IT professionals, proper investment and training, the WannaCry ransomware virus was bound to happen, it was just a matter of when. With the roadmap we are releasing today, we will make it less likely that such an attack will have the same impact in the future.”
For the BCS report in full visit http://www.bcs.org/upload/pdf/blueprint-for-cyber-security-in-health-and-care_1.pdf.
WannaCry meant computers were unusable, or turned off as a precaution, in areas of the UK health service, as hackers threatened that files would be lost unless a ransom was paid. It led to operations and appointments being cancelled, and patients diverted from accident and emergency departments.
Steve Malone of Mimecast said: “This report makes one thing abundantly clear, investment in cyber resilience and continuity is critical for every organisation. Whether public or privately-owned, clear processes and access to the right technology and talent to help prepare and deal with the aftermath of an attack are crucial.
“With the WannaCry ransomware, patient safety was at stake. Healthcare providers underinvested in security technology and skills, making them an easy target for cybercriminals looking to extort money and cause disruption. During this week’s Petya attacks, a number of organisations gave in to hacker demands and paid ransoms. But this only emboldens and finances attackers for future attacks.
“In light of these attacks, all organisations must review their cyber resilience strategy. This means taking a layered approach – one that spans beyond just security and includes continuity, remediation and recovery to ensure businesses can get quickly back on their feet after an attack. But accountability for cyber resilience shouldn’t just be limited to the IT team alone, every employee is a potential route in to the business. WannaCry and Petya highlight the need for ongoing education to help all end-users spot the tell-tale signs of suspicious emails before clicking links or opening attachments.”