NHS suffered more than 1,300 hours of downtime in the last three years, FOIs show

The WannaCry ransomware attack was among the key factors behind network outages

NHS Trusts across England experienced more than 1,300 hours' of downtime in the last three years, while a third of Trusts suffered a security breach.

Twenty-five of 80 NHS Trusts experienced the equivalent of 18 days of outage per year between January 2015 and February 2018, according to a Freedom of Information (FOI) survey submitted by specialist IT firm Intercity Technology, while a security breach was responsible for outages suffered by 14 of them.

Putting questions to 143 NHS Trusts in England, the company learned there had been 18 individual security breaches in that period, with one Trust suffering an average of one breach per year.

"NHS trusts across England are currently being pushed to the limit. It's not surprising that they often don't have the resources to dedicate 24/7 support to their IT systems, and the majority of these breaches could be an unfortunate consequence of this," said Intercity Technology's chief commercial officer Ian Jackson.

"Technology has proven to help facilitate the provision of care within the NHS, boost efficiencies and alleviate some of the strain on the system.

"However, if the benefits are to outweigh the potential risks, it's important to ensure that there are sufficient resources, whether in-house or external, to continuously monitor the network and address any issues before they impact daily activity."

Intercity Technology asked 143 NHS Trusts who was responsible for the security monitoring of their IT networks, how many times they had suffered a breach as a result of unpatched or outdated software, and whether they had suffered any downtime as a result of security issues, along with which parts of the IT infrastructure were affected, and for how long.

A handful of Trusts suffered an outage as a result of a security breach during this period cited the WanaCry ransomware attack as the main reason, while others responded saying they fell victim to the Locky and Zepto Viruses. The findings also showed that five trusts experienced downtime after they took their systems offline as a precaution after news of the WannaCry attack first broke.

Sharing specific details behind the outages, one Trust also outlined an issue in which an unauthorised device was plugged into a network which disrupted two wards last year, resulting in two hours' worth of time.

The company also learned that the overwhelming majority of NHS Trusts that suffered a blackout, 23 of the 25, relied on internally-based IT teams for the security monitoring of their networks.

A recent parliamentary report into the WannaCry attack found that not one NHS Trust had passed the minimum cyber security standards, in many cases because they had failed to apply critical patches to their systems.

Although some progress had been made since the ransomware wreaked havoc on NHS systems, including a nearly 200 million investment in improving the NHS' cyber security infrastructure, the report recommended further support and guidance must be offered to local healthcare organisations in pathing their systems, and that staffing plans must take into account the need to strengthen IT and cyber security teams.

In a bid resolve its longstanding security concerns, the Department for Health and Social Care (DHSC) earlier this year agreed on a deal with Microsoft to implement a long-awaited upgrade from legacy Windows operating systems to Windows 10 by 2020.

As part of the deal, NHS devices will be upgraded to Windows 10, with Microsoft pushing the latest security updates to NHS machines as soon as they become available. Trusts will be allowed to upgrade their devices free of charge if they join a special service being set up to manage the rollout.

NHS Digital and NHS England were approached for comment but did notrespondd at the time of writing. 

Featured Resources

BIOS security: The next frontier for endpoint protection

Today’s threats upend traditional security measures

Download now

The role of modern storage in a multi-cloud future

Research exploring the impact of modern storage in defining cloud success

Download now

Enterprise data protection: A four-step plan

An interactive buyers’ guide and checklist

Download now

The total economic impact of Adobe Sign

Cost savings and business benefits enabled by Adobe Sign

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
Google removes 17 apps infected with evasive ‘Joker’ malware
malware

Google removes 17 apps infected with evasive ‘Joker’ malware

28 Sep 2020