
All 200 NHS trusts fail latest cybersecurity standards

Little has improved since WannaCry debacle, parliamentary committee hears

Despite attempts to improve security provision, the UK's Department of Health has admitted that all 200 NHS trusts assessed for cybersecurity vulnerabilities have failed to meet the standard required.

Civil servants revealed the news in a parliamentary hearing earlier this week, which heard of the effects of the WannaCry ransomware attack on parts of the NHS last year.

The malware affected 300,000 computers in 150 countries in May last year, including 48 NHS trusts, and shut down multiple hospital IT systems as well as companies and universities elsewhere.

At the time, NHS Digital said the NHS itself was not specifically the target of the attack but part of a wider "Wanna Decryptor" ransomware campaign that was only thwarted when a security researcher discovered a 'kill switch' that stopped the attack in its tracks.

However, hospital trusts across England and Scotland admitted they'd been caught up in the attack, with appointments cancelled, phone lines down and ambulances diverted. Doctors and other staff had also been sharing further details on Twitter, with one screenshot suggesting the ransomware was demanding $300 in Bitcoin to decrypt files, with the price doubling after three days.

Appearing before the Commons' Public Accounts Committee on Monday, NHS Digital deputy chief executive Rob Shaw said trusts were still failing to meet cyber security standards since the WannaCry debacle, admitting some have a "considerable amount" of work to do.

"The amount of effort it takes from NHS providers in such a complex estate to reach the Cyber Essentials Plus standard that we assess against as per the recommendation in Dame Fiona Caldicott's report, is quite a high bar. So some of them have failed purely on patching, which is what the vulnerability was around WannaCry," he said.

Simon Stevens, the chief executive of NHS England, added: "A whole bunch of things need to change."

The total cost of the impact on the NHS is still unknown, and may never be, attendees heard.

The UK's Foreign Office officially blamed North Korea for the WannaCry campaign in December, though the country's regime denies involvement.

Following WannaCry, officials set aside £20 million for the NHS to create a security centre designed to constantly probe the organisation's cyber defences using ethical hackers, as well as issuing best practice guidance around cybersecurity incidents.

The National Audit Office (NAO) slammed the NHS's security in October last year, saying "basic IT security" measures would have prevented WannaCry from causing the chaos it did. 

"It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the department and the NHS need to get their act together to ensure the NHS is better protected against future attacks," said Amyas Morse, head of the NAO, at the time.
