No second cyber attack made on NHS

16 May 17

A feared second wave of cyber attacks did not occur after the NHS was targeted in an international ransomware incident, the health secretary has confirmed.

On Friday, 47 English trusts were victim to the attack and 13 NHS organisations in Scotland were also affected.

Yesterday, Jeremy Hunt told the BBC the National Crime Agency was investigating the incident that saw NHS computers locked down and money demanded from the attackers to unlock the files.

It was feared that NHS workers returning after the weekend would experience another spike in attacks as the malicious software could have infected more computers since Friday.

However this did not materialise and Hunt told the BBC that, despite the cancellation of numerous patient appointments and operations, 80% of the NHS was “unaffected”.

Hunt denied parts of the NHS were left vulnerable to attack because they were unprepared.

“Over the last 18 months, we have reduced the proportion of devices in the NHS that use the most vulnerable platform – XP – from 20% to less than 5%,” he said, but he admitted “lessons would be learned”.

He added: “We don’t know why criminals targeted the NHS in England and Scotland, railways in Germany and the phone system in the Spain. As you can see from where they targeted internationally, they targeted places which have some of the most modern IT systems you could imagine.”

Rob Whiteman, CIPFA chief executive said: "The NHS ransomware attack needs to be a stark reminder for all government organisations to ensure IT security is optimal, regularly reviewed and upgraded, and given the resources to match our reliance on digital systems.

"With access to and the use of vast quantities of personal data, public bodies must have in place robust data protection plans, ensure access to expert support and not to cut cyber security resources when efficiencies are needed elsewhere.”

Whiteman said priorities about where to spend resources and invest in the workforce should be made in the context of risk management strategies, which assess both the likelihood of problems occurring and the impact if they do.

Did you enjoy this article?