NHS suffered more than 1,300 hours of downtime in the last three years, FOIs show

The WannaCry ransomware attack was among the key factors behind network outages

NHS Trusts across England experienced more than 1,300 hours' of downtime in the last three years, while a third of Trusts suffered a security breach.

Twenty-five of 80 NHS Trusts experienced the equivalent of 18 days of outage per year between January 2015 and February 2018, according to a Freedom of Information (FOI) survey submitted by specialist IT firm Intercity Technology, while a security breach was responsible for outages suffered by 14 of them.

Advertisement - Article continues below

Putting questions to 143 NHS Trusts in England, the company learned there had been 18 individual security breaches in that period, with one Trust suffering an average of one breach per year.

"NHS trusts across England are currently being pushed to the limit. It's not surprising that they often don't have the resources to dedicate 24/7 support to their IT systems, and the majority of these breaches could be an unfortunate consequence of this," said Intercity Technology's chief commercial officer Ian Jackson.

"Technology has proven to help facilitate the provision of care within the NHS, boost efficiencies and alleviate some of the strain on the system.

"However, if the benefits are to outweigh the potential risks, it's important to ensure that there are sufficient resources, whether in-house or external, to continuously monitor the network and address any issues before they impact daily activity."

Intercity Technology asked 143 NHS Trusts who was responsible for the security monitoring of their IT networks, how many times they had suffered a breach as a result of unpatched or outdated software, and whether they had suffered any downtime as a result of security issues, along with which parts of the IT infrastructure were affected, and for how long.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

A handful of Trusts suffered an outage as a result of a security breach during this period cited the WanaCry ransomware attack as the main reason, while others responded saying they fell victim to the Locky and Zepto Viruses. The findings also showed that five trusts experienced downtime after they took their systems offline as a precaution after news of the WannaCry attack first broke.

Sharing specific details behind the outages, one Trust also outlined an issue in which an unauthorised device was plugged into a network which disrupted two wards last year, resulting in two hours' worth of time.

The company also learned that the overwhelming majority of NHS Trusts that suffered a blackout, 23 of the 25, relied on internally-based IT teams for the security monitoring of their networks.

A recent parliamentary report into the WannaCry attack found that not one NHS Trust had passed the minimum cyber security standards, in many cases because they had failed to apply critical patches to their systems.

Advertisement - Article continues below

Although some progress had been made since the ransomware wreaked havoc on NHS systems, including a nearly 200 million investment in improving the NHS' cyber security infrastructure, the report recommended further support and guidance must be offered to local healthcare organisations in pathing their systems, and that staffing plans must take into account the need to strengthen IT and cyber security teams.

In a bid resolve its longstanding security concerns, the Department for Health and Social Care (DHSC) earlier this year agreed on a deal with Microsoft to implement a long-awaited upgrade from legacy Windows operating systems to Windows 10 by 2020.

As part of the deal, NHS devices will be upgraded to Windows 10, with Microsoft pushing the latest security updates to NHS machines as soon as they become available. Trusts will be allowed to upgrade their devices free of charge if they join a special service being set up to manage the rollout.

NHS Digital and NHS England were approached for comment but did notrespondd at the time of writing. 

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020