NHS suffered more than 1,300 hours of downtime in the last three years, FOIs show

The WannaCry ransomware attack was among the key factors behind network outages

NHS Trusts across England experienced more than 1,300 hours' of downtime in the last three years, while a third of Trusts suffered a security breach.

Twenty-five of 80 NHS Trusts experienced the equivalent of 18 days of outage per year between January 2015 and February 2018, according to a Freedom of Information (FOI) survey submitted by specialist IT firm Intercity Technology, while a security breach was responsible for outages suffered by 14 of them.

Putting questions to 143 NHS Trusts in England, the company learned there had been 18 individual security breaches in that period, with one Trust suffering an average of one breach per year.

"NHS trusts across England are currently being pushed to the limit. It's not surprising that they often don't have the resources to dedicate 24/7 support to their IT systems, and the majority of these breaches could be an unfortunate consequence of this," said Intercity Technology's chief commercial officer Ian Jackson.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Technology has proven to help facilitate the provision of care within the NHS, boost efficiencies and alleviate some of the strain on the system.

"However, if the benefits are to outweigh the potential risks, it's important to ensure that there are sufficient resources, whether in-house or external, to continuously monitor the network and address any issues before they impact daily activity."

Intercity Technology asked 143 NHS Trusts who was responsible for the security monitoring of their IT networks, how many times they had suffered a breach as a result of unpatched or outdated software, and whether they had suffered any downtime as a result of security issues, along with which parts of the IT infrastructure were affected, and for how long.

A handful of Trusts suffered an outage as a result of a security breach during this period cited the WanaCry ransomware attack as the main reason, while others responded saying they fell victim to the Locky and Zepto Viruses. The findings also showed that five trusts experienced downtime after they took their systems offline as a precaution after news of the WannaCry attack first broke.

Sharing specific details behind the outages, one Trust also outlined an issue in which an unauthorised device was plugged into a network which disrupted two wards last year, resulting in two hours' worth of time.

The company also learned that the overwhelming majority of NHS Trusts that suffered a blackout, 23 of the 25, relied on internally-based IT teams for the security monitoring of their networks.

Advertisement - Article continues below

A recent parliamentary report into the WannaCry attack found that not one NHS Trust had passed the minimum cyber security standards, in many cases because they had failed to apply critical patches to their systems.

Although some progress had been made since the ransomware wreaked havoc on NHS systems, including a nearly 200 million investment in improving the NHS' cyber security infrastructure, the report recommended further support and guidance must be offered to local healthcare organisations in pathing their systems, and that staffing plans must take into account the need to strengthen IT and cyber security teams.

In a bid resolve its longstanding security concerns, the Department for Health and Social Care (DHSC) earlier this year agreed on a deal with Microsoft to implement a long-awaited upgrade from legacy Windows operating systems to Windows 10 by 2020.

As part of the deal, NHS devices will be upgraded to Windows 10, with Microsoft pushing the latest security updates to NHS machines as soon as they become available. Trusts will be allowed to upgrade their devices free of charge if they join a special service being set up to manage the rollout.

NHS Digital and NHS England were approached for comment but did notrespondd at the time of writing. 

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/operating-systems/microsoft-windows/354789/microsoft-pulls-disastrous-windows-10-security-update
Microsoft Windows

Microsoft pulls disastrous Windows 10 security update

17 Feb 2020
Visit/operating-systems/27717/how-to-fix-a-stuck-windows-10-update
operating systems

How to fix a stuck Windows 10 update

12 Feb 2020
Visit/business/business-operations/354790/hp-shareholders-invited-to-come-dine-with-xerox
Business operations

HP shareholders invited to come dine with Xerox

17 Feb 2020