NHS Trusts Failed Cyber Security Assessment

Every single one of the 200 British NHS trusts so far assessed for cyber security resilience has failed an onsite assessment, MPs on the Public Accounts Committee were told on 5th February.

There are a total of 236 trusts, and there is no timeline for when the remaining thirty-six will be checked.

In a hearing about the WannaCry incident last June, entitled "Cyber-attack on the NHS", Rob Shaw, deputy chief exec of NHS Digital, denied that the bodies which did not get a passing grade had done nothing about cyber security.
He said: "The amount of effort it takes for NHS providers in such a complex estate to reach the cyber essential plus standard that we assess against... is quite a high bar. Some of them have failed purely on patching, which is what the vulnerability was around WannaCry."

He added: "Some of them need to do a considerable amount of work, but a number of them are on a journey to meeting that requirement."

Shaw said NHS Digital "may want to consider whether to re-inspect those at the highest risk, now we have the additional funding."

Will Smart, chief information officer at NHS Improvement, said that since the incident £21m has been invested in improved cybersecurity, while another £150m has been identified to improve national systems and resilience over the next two years.
He said "further re-prioritisation and additional investment for cyber-security is being considered". Smart declined to say how many organisations were still at high risk, citing security concerns. However, he said it was those organisations who had not been affected by WannaCry but were complacent about their practices that were the ones he was "most worried about".

Smart recently published a review setting out 22 recommendations from the lessons learned around WannaCry. He told MPs that having appropriate standards in place across the NHS to enhance resilience, and appropriate governance in place to prevent it from happening again, were his "top priorities".
In October, the National Audit Office said the NHS could have fended off WannaCry "if only it had taken simple steps to protect its computers", but that it had failed to heed warnings from CareCERT, given a full year before the incident, about falling victim to a cyber-attack.

Chris Wormald, Permanent Secretary at the Department of Health, said a national response strategy was due to be tested in response to a cyber-attack, but said the incident occurred before the NHS had a chance to trial it.
Before the WannaCry attack, the Department of Health had work underway to strengthen centralised cyber-security in the NHS.

NHS Digital's CareCERT has a system for broadcasting alerts about cyber threats, providing a hotline for dealing with incidents, sharing best practice and carrying out on-site assessments to help protect against future cyber-attacks.

NHS England had embedded the 10 Data Security Standards in the standard NHS contract for 2017-18 and was providing training to its Board and local teams to raise awareness of cyber threats, it said. 

The Register:
