The Courier & Advertiser (Perth and Perthshire Edition)
1,500 NHS computers hit by global cyber attack
SNP minister questioned over resilience to online assault
The cyber attack hit 1,500 computers at NHS Scotland, the Scottish Government has said.
Health Secretary Shona Robison pledged to review the lessons to be learned from last week’s ransomware assault.
In a statement to Holyrood, she said there was no evidence of breaches of patient data or safety, but admitted there was some disruption with appointments having to be rescheduled.
Donald Cameron, the Scottish Conservatives’ shadow health secretary, demanded assurances that systems are upgraded given that out-of-date software has been raised as a possible reason for the attack’s success.
Ms Robison said most of those systems affected were not Windows XP, which some have said left PC users poorly protected.
She said computers using Windows 2003 and 2007 were mainly affected and “only a small number” were running XP.
“It’s not straightforward, that it’s about one piece of software compared to another,” Ms Robison told MSPs.
“What we need to understand is that across these different software that were affected, why were some affected and not others?”
She said NHS computers systems are under “regular attack”, and pointed to that as evidence of the effectiveness of the protections in place.
Anas Sarwar, Scottish Labour’s health spokesman, said his party have been calling for a full review of cyber security for years, which he said has been ignored.
Ms Robison said the NHS chief operating officer had written to health boards reminding them of the need to make sure they have “the best resilience in place” to “make sure their systems are as good as they could be”, as recently as February.
Ms Robison said the 1,500 devices affected amounts to less than 1% of the NHS Scotland total.
She said: “Reviews are already under way to capture what can be improved to ensure that we reduce the chances of a similar attack happening in the future.”
At the same time as Ms Robison addressed MSPs, a National Cyber Resilience Leaders’ Board, chaired by Justice Secretary Michael Matheson, drafted a public sector action plan.
It includes new standards that all Scottish public bodies must have in place by 2018 and a fresh drive to accredit all organisations to at least the “cyber essentials” standard.
A total of 11 Scottish health boards were affected by the attack, which was first detected on Friday.