‘Good’ hackers to attack NHS in £20m project
NHS Digital is aiming to prevent another Wannacry-style cyber-attack by hiring ‘ethical’ hackers to look for weaknesses in its cyber-defences. They will work at a new £20m security operations centre, simulating attacks in a process known as penetration testing.
The Wannacry ransomware attack in May crippled NHS systems in England and Scotland, causing the cancellation of an estimated 19,500 appointments, although no personal data was stolen. It highlighted how susceptible NHS computers are to cyber-attack.
A report in October criticised NHS trusts for not acting on advice from NHS Digital and the Government to upgrade out-of-date operating systems.
Dan Taylor, head of the digital security centre at NHS Digital, said the centre would help the NHS anticipate future vulnerabilities as well as block known threats. He added it will give “health and care organisations additional intelligence and support services that they might not otherwise be able to access”.
Security experts welcomed the decision to use ethical hackers, also called ‘white-hat’ hackers, a practice already common in companies and public organisations that use complex computer networks. Cyber-criminals see such organisations as a goldmine of personal information, as well as potential weak points in a country’s infrastructure.
Independent security expert Kevin Beaumont told the BBC that such measures are “essential in modern-day organisations”.
He added: “In an event like Wannacry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue. Organisations were unsure how they were being infected”.