Parliamentary Committees and Public Enquiries
Faster action needed on lessons of WannaCry attack
The Public Accounts Committee report sets June deadline for update on costed plans for vital security investment.
- Read the report summary
- Read the report conclusions and recommendations
- Read the full report: Cyber-attack on the NHS
WannaCry attack a "wake-up call for NHS"
The WannaCry cyber-attack on Friday 12 May 2017, was a wake-up call for the NHS.
The attack caused widespread disruption to health services, with more than a third of NHS trusts affected. The NHS had to cancel almost 20,000 hospital appointments and operations, and patients were diverted from the five accident and emergency departments that were unable to treat them.
Yet the NHS was lucky. If the attack had not happened on a Friday afternoon in the summer and the kill switch to stop the virus spreading had not been found relatively quickly, then the disruption could have been much worse.
Department unprepared for relatively unsophisticated attack
The Department of Health and Social Care and its arm's-length bodies were unprepared for the relatively unsophisticated WannaCry attack; they had not shared and tested plans for responding to a cyber-attack, nor had any trust passed a cyber-security inspection.
As the attack unfolded, people across the NHS did not know how best to communicate with the Department or other NHS organisations and had to resort to using improvised and haphazard ways to communicate.
The Department still does not know what financial impact the WannaCry cyber-attack had on the NHS, which is hindering its ability to target its investment in cyber security.
Work still to be done on cyber-security for next attack
Although the Department and NHS bodies have learned lessons from WannaCry, they have a lot of work to do to improve cyber-security for when, and not if, there is another attack.
The recent shocking use of a nerve agent to poison those on British soil has heightened concerns about the UK’s ability to respond to international threats, and hammers home the risks from those hostile to the UK.
A cyber attack is a weapon which can have a huge impact on safety and security. It needs to be treated as a serious, critical threat. The rest of government could also learn important lessons from WannaCry.
Comment from Committee Chair Meg Hillier MP:
"The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS.
But the impact on patients and the Service more generally could have been far worse and Government must waste no time in preparing for future cyber attacks—something it admits are now a fact of life.
It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.
Our report sets out how and why the Department of Health and Social Care and its national bodies should take the lead in ensuring these lessons are quickly translated into action.
I am struck by how ill-prepared some NHS trusts were for WannaCry, in many cases failing to act on warnings to patch exposed systems because of the anticipated impact on other IT and medical equipment.
Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS.
Cyber security investment cannot be properly targeted unless this information is collected and understood.
There is much important work to do and we urge the Department to provide us with an update by the end of June.
Meanwhile, this case serves as a warning to the whole of Government: a foretaste of the devastation that could be wrought by a more malicious and sophisticated attack. When it comes, the UK must be ready."
Original article link: https://www.parliament.uk/business/committees/committees-a-z/commons-select/public-accounts-committee/news-parliament-2017/nhs-cyber-attack-report-published-17-19/
Latest News from
Parliamentary Committees and Public Enquiries
Levelling up policy will fail without long-term substantive funding for councils, say MPs26/05/2023 15:20:00
The laudable aim to level up the country risks failure unless the Government can provide the long-term substantive funding necessary to help local councils to deliver economic growth for their communities, says the cross-party Levelling Up, Housing and Communities (LUHC) Committee in a report published today (Friday).
Implementation of Children’s social care strategy unambitious and slow, says Lord’s Committee25/05/2023 14:25:00
The Public Services Committee has published its new report, responding to the Government’s Strategy to reform children’s social care, 'Stable homes built on love: implementation strategy and consultation: Children’s Social Care Reform 2023'.
Applications open for schools to take part in the next youth engagement programme22/05/2023 15:25:00
The Environment and Climate Change Committee is offering secondary schools, sixth form colleges, and further education colleges the opportunity to work with the Committee by applying for its youth engagement programme for 14-18 year olds.
MPs express deep concern about gaps in rural mental health care18/05/2023 12:05:00
MPs express deep concern about how isolation, poor public transport and a relative lack of digital connectivity have contributed to poor mental health outcomes for all categories of people across rural communities in England, but especially among farm workers and vets.
Consumer cryptocurrency trading should be regulated as gambling, Treasury Committee says in new report17/05/2023 14:20:00
The Treasury Committee today calls for consumer trading in unbacked crypto to be regulated as gambling.
Sustainability of local journalism: CMS Committee publishes Government response17/05/2023 13:10:00
The Culture, Media and Sport Committee has today published the Government response to its report on the sustainability of local journalism.
MPs call for research sector reforms to address concerns with reproducibility of science10/05/2023 13:15:00
A new report by the Commons Science, Innovation and Technology Select Committee highlights concerns over the reproducibility of scientific research.
Government ambition on nuclear energy must be translated into action by pushing ahead with Wylfa nuclear power station, MPs argue03/05/2023 14:20:00
Concrete commitment by ministers on the future of nuclear energy, and in particular at Wylfa in North Wales, is lacking despite positive policy signals, the Welsh Affairs Committee argues today.