NHS suffered more than 1,300 hours of downtime in the last three years, FOIs show

The WannaCry ransomware attack was among the key factors behind network outages

NHS Trusts across England experienced more than 1,300 hours' of downtime in the last three years, while a third of Trusts suffered a security breach.

Twenty-five of 80 NHS Trusts experienced the equivalent of 18 days of outage per year between January 2015 and February 2018, according to a Freedom of Information (FOI) survey submitted by specialist IT firm Intercity Technology, while a security breach was responsible for outages suffered by 14 of them.

Putting questions to 143 NHS Trusts in England, the company learned there had been 18 individual security breaches in that period, with one Trust suffering an average of one breach per year.

"NHS trusts across England are currently being pushed to the limit. It's not surprising that they often don't have the resources to dedicate 24/7 support to their IT systems, and the majority of these breaches could be an unfortunate consequence of this," said Intercity Technology's chief commercial officer Ian Jackson.

Advertisement
Advertisement - Article continues below

"Technology has proven to help facilitate the provision of care within the NHS, boost efficiencies and alleviate some of the strain on the system.

"However, if the benefits are to outweigh the potential risks, it's important to ensure that there are sufficient resources, whether in-house or external, to continuously monitor the network and address any issues before they impact daily activity."

Intercity Technology asked 143 NHS Trusts who was responsible for the security monitoring of their IT networks, how many times they had suffered a breach as a result of unpatched or outdated software, and whether they had suffered any downtime as a result of security issues, along with which parts of the IT infrastructure were affected, and for how long.

A handful of Trusts suffered an outage as a result of a security breach during this period cited the WanaCry ransomware attack as the main reason, while others responded saying they fell victim to the Locky and Zepto Viruses. The findings also showed that five trusts experienced downtime after they took their systems offline as a precaution after news of the WannaCry attack first broke.

Sharing specific details behind the outages, one Trust also outlined an issue in which an unauthorised device was plugged into a network which disrupted two wards last year, resulting in two hours' worth of time.

The company also learned that the overwhelming majority of NHS Trusts that suffered a blackout, 23 of the 25, relied on internally-based IT teams for the security monitoring of their networks.

A recent parliamentary report into the WannaCry attack found that not one NHS Trust had passed the minimum cyber security standards, in many cases because they had failed to apply critical patches to their systems.

Although some progress had been made since the ransomware wreaked havoc on NHS systems, including a nearly 200 million investment in improving the NHS' cyber security infrastructure, the report recommended further support and guidance must be offered to local healthcare organisations in pathing their systems, and that staffing plans must take into account the need to strengthen IT and cyber security teams.

In a bid resolve its longstanding security concerns, the Department for Health and Social Care (DHSC) earlier this year agreed on a deal with Microsoft to implement a long-awaited upgrade from legacy Windows operating systems to Windows 10 by 2020.

As part of the deal, NHS devices will be upgraded to Windows 10, with Microsoft pushing the latest security updates to NHS machines as soon as they become available. Trusts will be allowed to upgrade their devices free of charge if they join a special service being set up to manage the rollout.

Advertisement
Advertisement - Article continues below

NHS Digital and NHS England were approached for comment but did notrespondd at the time of writing. 

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/business/business-strategy/354252/huawei-takes-the-us-trade-sanctions-into-its-own-hands
Business strategy

Huawei takes the US trade sanctions into its own hands

3 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019