NHS security needs more work to prevent hacking attacks
THE NHS has shown an “alarming” failure to improve cyber security despite growing concerns about threats to the UK, MPS have warned.
The Public Accounts Committee (PAC) said the health service had taken insufficient action to protect itself from hacking almost a year after Wannacry, the most devastating attack in its history.
MPS warned that future attacks could be “more malicious and sophisticated” than that which led to the cancellation of 20,000 NHS operations and appointments last May.
Meg Hillier, chairman of the committee, said: “This case serves as a foretaste of the devastation that could be wrought by a more malicious and sophisticated attack. When it comes, the UK must be ready.”
Earlier this week, British and US authorities warned that Russia was preparing to mount cyber attacks on the UK’S “critical infrastructure”. Yesterday, the PAC said the NHS had failed to take sufficient action to protect the service against attack, as it warned of major threats facing Britain.
And it said the whole of government should learn the lessons of Wannacry. MPS said the Department of Health and NHS had a lot of work to do to improve cyber security, for “when, and not if, there is another attack”.
The report says NHS bodies had been repeatedly warned to migrate away from old software systems – as long ago as in 2014 – yet had failed to take action to protect services.
The Department of Health said: “The health service has improved cyber security since the attack, but there is more work to do.”
♦ Theresa May will today announce investment of up to £15million to help Commonwealth countries strengthen their cyber security capabilities. The funds will be used to prevent criminal groups and hostile states targeting other countries, including the UK.