‘Sim­ple steps ‘ were avail­able

The Scarborough Evening News - - WHITE ROSE AWARDS -

Meg Hil­lier, chair­man of the Com­mons Pub­lic Ac­counts Com­mit­tee, said: “The NHS could have fended off this at­tack if it had taken sim­ple steps to pro­tect its com­put­ers and med­i­cal equip­ment. In­stead, pa­tients and NHS staff suf­fered wide­spread dis­rup­tion, with thou­sands of ap­point­ments and op­er­a­tions can­celled.

“The Depart­ment of Health failed to agree a plan with the NHS lo­cally for deal­ing with cy­ber at­tacks so the NHS re­sponse came too late in the day. The NHS and the depart­ment need to get se­ri­ous about cy­ber se­cu­rity or the next in­ci­dent could be far worse.” health depart­ment had been warned about the risks of cy­ber at­tacks on the NHS in July last year but although work to im­prove se­cu­rity had be­gun, there had been no for­mal writ­ten re­sponse un­til July 2017, two months af­ter the at­tack.

It also says that “on-site cy­ber se­cu­rity as­sess­ments” had been car­ried out at 88 out of the 236 health trusts in Eng­land be­fore the at­tack but that none had passed.

How­ever, the IT depart­ment had no pow­ers to make them take ac­tion.

More than 300,000 com­put­ers in 150 coun­tries were in­fected with the Wan­naCry “ran­somware”, which de­manded money for an un­lock code.

No NHS or­gan­i­sa­tion is thought to have paid the ran­som.

The virus tar­geted com­put­ers with out­dated se­cu­rity – the ma­jor­ity run­ning ver­sions of Win­dows 7 that had not been up­dated. At the time se­cu­rity ex­perts warned the NHS that run­ning such op­er­at­ing sys­tems was a “tick­ing time bomb”, leav­ing it vul­ner­a­ble to fur­ther at­tacks.

Shadow health sec­re­tary Jonathan Ash­worth said the re­port re­vealed “a cat­a­logue of fail­ures which need­lessly left our NHS vul­ner­a­ble and placed pa­tient safety at risk”.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.