NHS systems to be strengthened after cyber attack

CERT-LatestNews ThreatsActivists ThreatsCybercrime ThreatsStrategic

Date: July 13, 2017
Source: Computer Crime Research Center

Please use the sharing tools found via the email icon at the top of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email [email protected] to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found at https://www.ft.com/tour.

The government has announced action to make the NHS more resilient to cyber attacks, including some further investment and steps to make hospital chief executives more accountable for the strength of their computer systems.

The response on Wednesday, which followed recommendations from a review of cyber security by Dame Fiona Caldicott, undertaken last year, comes after a major malware attack affected one in five hospitals in England in May.

The action led to cancellations of out patient appointments and non-emergency operations, as well as forcing some GPs to stop seeing patients because they could not access people’s records.

The affair raised questions about the state of NHS technology and the seriousness with which the issue was being taken by some hospital boards.

Lord O’Shaughnessy, health minister, announced that an additional £21m would be made available to strengthen cyber defences at some big trauma centres. These are generally big hospitals that play a vital role in the event of a serious incident, such as a mass-casualty terrorist attack.

The virus that hit the NHS was a type that encrypts valuable data and demands payment in exchange for its release.

In an attempt to mitigate the impact of any future attack, NHS Digital, a key agency in dealing with cyber preparedness in the NHS, will broadcast alerts about cyber threats and will provide a hotline for dealing with incidents. It will also share best practice within the NHS and carry out on-site assessments of cyber defences.

NHS England and NHS Improvement, the agencies in charge of day to day running of the health service, are already following up the small number of critical alerts whether of looming cyber attacks or the need to introduce software updates within 48 hours “to confirm that local organisations have taken necessary action — starting now with major trauma units and ambulance trusts, and rolling out more widely in summer 2017”, said the government.

Add comment  Email to a Friendhttp://www.crime-research.org/news/07.13.2017/4027/