Urgent: Investment In NHS Cybersecurity

A "massive" increase in spending is needed to prevent another "avoidable" cyber-attack on the UK's NHS computer systems, an expert has warned, after a ransomware attack hit 11 health boards in Scotland, as well as many other organisations worldwide.

Prof Bill Buchanan said the attack should act as a "wake-up call" to the government and health service. And he warned the NHS faced bigger threats, such as a large-scale power outage, that could cause loss of life.

Holyrood's health committee heard the WannaCry virus found its way into Scottish NHS systems either through their connection with the NHS England network or through the Internet.

It was able to spread through computers that were vulnerable because of a combination of factors: their use of a particular piece of software that shares information between devices, a particular network firewall configuration, and the fact that they had not been upgraded or "patched up" to the latest version of Microsoft software.

The unprecedented attack, which hit scores of countries, impacted on acute hospital sites in Lanarkshire as well as GP surgeries, dental practices and other primary care centres around Scotland. Health Secretary Shona Robison told the committee that swift action and co-ordination by the NHS in Scotland had limited the impact of the ransomware attack on its network.

But Prof Buchanan, from the Cyber Academy at Edinburgh Napier University, said the penetration of the virus "was avoidable" and there was no excuse for the patch or upgrade not having been carried out. He agreed with Green MSP Alison Johnstone that the incident should act as a "wake-up call" and called for a review of health and social care IT infrastructure.
He said: "This was a critical patch, critical is the highest level. If you want to use something from Spinal Tap, this was an 11 out of 10 in terms of its threat.
"So it should have been patched, it was well known and it was a race for the industry to catch up with the patch before those with the skills to make something malicious turned their evil hands to something.
"I think we got out of this very well but it could happen that it would be much more severe."
He added: "Our systems are legacy and we need to admit that.
"I think we need a massive increase in spending not just on computers, but in really looking at healthcare services and how we provide that to the citizen."

Andy Robertson, director of IT at NHS National Services Scotland, said the health service had measures in place to protect against these types of threats.

He pointed out that the virus had infiltrated only 1% of NHS Scotland's computers, amounting to some 1,500 devices.
"We think our defences worked fairly well in terms of the impact it had on the health service and we think where we were breached we were able to recover as per our recovery plans," he said.
He agreed that extra investment was needed, suggesting a further £15m a year on top of the £100m currently spent on centrally-managed IT programmes in the NHS.

That amount was described as a "sticking plaster" by Prof Buchanan, who said: "I think you need to add zero and then maybe another zero."

BBC
