Following the WannaCry ransomware attack, the government has stated it will pledge an additional £21m to boost cyber security across the NHS.
NHS Digital will be offering a hotline to deal with incidents, they will also transmit alerts about cyber threats to hospitals as well as carrying out security assessments.
Currently the NHS use outdated operating systems such as Windows XP, which has been completely unsupported since April 2014. These operating systems were the focus of most of the criticisms after the attack in May 2017. Work is now under way to completely move away from these systems. According to the Department of Health over the past 18 months the use of Windows XP has fallen from 18% to 4.7%. The extra £21m in funding will help to enhance security at the 27 major trauma sites across England.
These pledges demonstrate the Government’s reaction to a report last July 2016 by the Care Quality Commission (CQC) and Dame Fiona Caldicott, the National Data Guardian. Several months before the WannaCry attack both CQC and Dame Caldicott wrote to Health Secretary Jeremy Hunt warning that an “external cyber threat is becoming a bigger consideration”.
To protect these vital systems, a review of over 60 hospitals, dental practices and GP surgeries were assessed in a data security review. It was uncovered that there was a “lack of understanding of security issues”. The review cautioned that one of the primary causes for patient data breaches was unfortunately due to staff who were seriously overworked “with ineffective processes and technology” in place. Constant reviews and updates across the systems nationally will need to be put in position to protect patient’s data.