When the WannaCry attack happened in May 2017 it led to 19,500 cancelled appointments. Now the NHS could face another high-scale attack.
WannaCry, a NHS cyber attack, also left 600 GP surgeries without their IT systems and caused ambulances to be diverted. The attack caused major disruption not only to the NHS but across multiple countries and businesses.
It was a type of ransomware that travelled easily from one computer to the next. This meant that a small attack spiralled into one proficient enough to take out the whole NHS. This attack could have been prevented by basic IT practices according to a National Audit Office report.
The report found that IT systems in one in three NHS trusts were interrupted during the attack, which used hacking tools stolen from the US National Security Agency.
According to experts at a recent Guardian event supported by DXC, the NHS has leadership issues, budgetary constraints, deficient IT systems and a lack of qualified staff. This all points to the inevitability of another attack.
Meg Hillier, MP for Hackney South and Shoreditch, said:
“A chief executive has a lot of pressures put on them. It’s a challenge: what are you going to pay for? You don’t see any particular benefit for patients if you invest in a good IT system – it’s not a big enough issue and not an instant win in a world of winter pressures.”
She added that many NHS staff do not trust their IT systems. After WannaCry a there were a lot of recommendations that started to move the NHS in the right direction but these recommendations need to be translated into what happens on the ground.
Ben Clacy, Director of Development and Operations at NHS Providers, said:
“I’ll always be terrified that [an attack similar to WannaCry] will happen again. We’re not doing enough [to prevent it] and there’s more we can do.”
What can other organisations do?
Every business can learn what happened to the NHS as well as these fresh warnings. By ignoring cyber security or believing that it should be left to the IT department, businesses of all sizes in any sector could also risk being attacked in the future.
Cyber Essentials defines a focused set of controls which provide clear guidance on basic cyber security for organisations of all sizes, and offers a sound foundation of cyber security measures that all types of organisations can implement at a low cost.