PAC report calls for faster NHS action on cyber security
18 Apr 2018 02:42 PM
Report sets June deadline for update on costed plans for vital security investment.
The Public Accounts Committee (PAC) today published a report on the lessons learned from the affects that last year’s global WannaCry ransomware cyber attack had on the National Health Service (NHS).
The report concludes that the NHS was, in 2017, ill-prepared for a cyber attack of that scale and that there was a long way to go before agreed, prioritised and costed plans for improving cyber security were in place across the NHS. It contains a number of recommendations for the NHS including;
- The setting out of clear roles and responsibilities for national and local NHS organisations so that communications are co-ordinated during a cyber-attack, with the identification of alternative secure communications
- That the Department of Health and its arm’s length bodies support local organisations to improve cyber security by developing a full understanding of the cyber security arrangements and IT estate of all local NHS organisations.
- That the Department provide an update to the Committee by the end of June 2018 with its national estimate of the cost to the NHS of WannaCry
Responding to the Committee’s report, Talal Rajab, techUK’s Head of Cyber and National Security, said:
“Nearly one year on from the WannaCry cyber attack, it is clear that there is a need for constant vigilance within the NHS to ensure that patient data and vital systems are protected.
“Over the past 12 months, additional funding for cyber security in the NHS has been made available and NHS Digital initiatives, such as CareCERT and a new £21m capital fund to address the cyber security of major trauma centres, will minimise the impact of future cyber incidents.
“It is important to note that WannaCry was not just a wake-up call for the NHS, but for organisations across the public and private sector, to get their house in order and remain prepared in this era of heightened cyber tensions. Further sector-specific guidance can be found through the National Cyber Security Centre.”