Urgent: Investment In NHS Cybersecurity

A "massive" increase in spending is needed to prevent another "avoidable" cyber-attack on the UK's NHS computer systems, an expert has warned, following a ransomware attack that hit 11 health boards in Scotland, as well as many other organisations worldwide.

Prof Bill Buchanan said the attack should act as a "wake-up call" to the government and health service. And he warned the NHS faced bigger threats, such as a large-scale power outage, that could cause loss of life.

Holyrood's health committee heard the WannaCry virus found its way into Scottish NHS systems either through their connection with the NHS England network or through the Internet.

It was able to spread through computers that were vulnerable because of a combination of factors: their use of a particular piece of software that shares information between devices, a particular network firewall configuration, and the fact that they had not been upgraded or "patched up" to the latest version of Microsoft software.

The unprecedented attack, which hit scores of countries, impacted on acute hospital sites in Lanarkshire as well as GP surgeries, dental practices and other primary care centres around Scotland. Health Secretary Shona Robison told the committee that swift action and co-ordination by the NHS in Scotland had limited the impact of the ransomware attack on its network.

But Prof Buchanan, from the Cyber Academy at Edinburgh Napier University, said the penetration of the virus "was avoidable" and there was no excuse for the patch or upgrade not having been carried out. He agreed with Green MSP Alison Johnstone that the incident should act as a "wake-up call" and called for a review of health and social care IT infrastructure.
He said: "This was a critical patch, critical is the highest level. If you want to use something from Spinal Tap, this was an 11 out of 10 in terms of its threat.
"So it should have been patched, it was well known and it was a race for the industry to catch up with the patch before those with the skills to make something malicious turned their evil hands to something.
"I think we got out of this very well but it could happen that it would be much more severe."
He added: "Our systems are legacy and we need to admit that.
"I think we need a massive increase in spending not just on computers, but in really looking at healthcare services and how we provide that to the citizen."

Andy Robertson, director of IT at NHS National Services Scotland, said the health service had measures in place to protect against these types of threats.

He pointed out that the virus had infiltrated only 1% of NHS Scotland's computers, amounting to some 1,500 devices.
"We think our defences worked fairly well in terms of the impact it had on the health service and we think where we were breached we were able to recover as per our recovery plans," he said.
He agreed that extra investment was needed, suggesting a further £15m a year on top of the £100m currently spent on centrally-managed IT programmes in the NHS.

That amount was described as a "sticking plaster" by Prof Buchanan, who said: "I think you need to add zero and then maybe another zero."

BBC
