NHS Attack, Could It Have Been Prevented?

May this year saw the NHS come under attack from ‘WannaCry’ ransomware, leaving thousands of patients stranded and many of us wondering how this could have happened to such a huge organisation in the UK.

Reports that surfaced last week indicate the attack could have been a result of cyber-security recommendations that were not followed or adhered to. An assessment of 88 of the 236 NHS trusts by NHS Digital before the attack, found that none passed the required cyber-security standards set out.

The report continued to detail how NHS trusts had failed to act on critical alerts from NHS Digital, a warning from the Department of Health and from the cabinet in 2014 to patch faulty software or to migrate away from vulnerable older software.

This is a severe case of negligence on many parts, resulting in a confirmed 6,500 appointments cancelled, an estimated 19,000 appointments affected and at least 139 people with urgent referrals stranded. In many of these cases a simple upgrade to the systems used at local level would have prevented the attack to a certain extent, if not completely. The National Audit Office (NAO) reported that “WannaCry was a relatively unsophisticated attach and could have been prevented by the NHS by the NHS following basic IT and security best practice.”

For many executives and business owners, a serious cyber-attack is high on their list of risks to their organisations. This is imperative and should be a priority for all businesses regardless of their size and stature. For any advice as to how best protect your home and business against cyber threats do not hesitate to get in contact with the borwell team on 01684 377980.

Leave a Reply