Urgent: Investment In NHS Cybersecurity

A "massive" increase in spending is needed to prevent another "avoidable" cyber-attack on UK’s NHS computer systems, an expert has warned, following a ransomware attack hit 11 health boards in Scotland (pictured), as well as many other organisations worldwide.

Prof Bill Buchanan said the attack should act as a "wake-up call" to the government and health service. And he warned the NHS faced bigger threats, such as a large-scale power outage, that could cause loss of life.

Holyrood's health committee heard the WannaCry virus found its way into Scottish NHS systems either through their connection with the NHS England network or through the Internet.

It was able to spread through computers that were vulnerable through a combination of their use of a particular piece of software that shares information between devices, a particular network firewall configuration and the fact they had not been upgraded or "patched up" to the latest version of Microsoft software.

The unprecedented attack, which hit scores of countries, impacted on acute hospital sites in Lanarkshire as well as GP surgeries, dental practices and other primary care centres around Scotland. Health Secretary Shona Robison told the committee that swift action and co-ordination by the NHS in Scotland had limited the impact of the ransomware attack on its network.

But Prof Buchanan, from the Cyber Academy at Edinburgh Napier University, said the penetration of the virus "was avoidable" and there was no excuse for the patch or upgrade not having been carried out. He agreed with Green MSP Alison Johnstone that the incident should act as a "wake-up call" and called for a review of health and social care IT infrastructure.
He said: "This was a critical patch, critical is the highest level. If you want to use something from Spinal Tap, this was an 11 out of 10 in terms of its threat.
"So it should have been patched, it was well known and it was a race for the industry to catch up with the patch before those with the skills to make something malicious turned their evil hands to something.
"I think we got out of this very well but it could happen that it would be much more severe."
He added: "Our systems are legacy and we need to admit that.
"I think we need a massive increase in spending not just on computers, but in really looking at healthcare services and how we provide that to the citizen."

Andy Robertson, director of IT at NHS National Services Scotland, said the health service had measures in place to protect against these types of threats.

He pointed out that the virus had infiltrated only 1% of NHS Scotland's computers, amounting to some 1,500 devices.
"We think our defences worked fairly well in terms of the impact it had on the health service and we think where we were breached we were able to recover as per our recovery plans," he said.
He agreed that extra investment was needed, suggesting a further £15m a year on top of the £100m currently spent on centrally-managed IT programmes in the NHS.

That amount was described as a "sticking plaster" by Prof Buchanan, who said: "I think you need to add zero and then maybe another zero."

BBC

You Might Also Read:

NHS Cyberattack Was 'launched from N. Korea':

Healthcare Sector Accounts For 43% Of UK Data Breaches:

How Cybercrime Affects The Healthcare Industry:

 

 

« Petya Cyber Attack Update
App Or Browser: Which Is Safer For Online Banking? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Thermo Systems

Thermo Systems

Thermo Systems is a design-build control systems engineering and construction firm. Capabilties include industrial control system cybersecurity.

Copenhagen FinTech

Copenhagen FinTech

Copenhagen FinTech is a centre for R&D and innovation in the Danish finance IT sector. Focus areas include cyber security and payments platforms.

Luxembourg Institute of Science & Technology (LIST)

Luxembourg Institute of Science & Technology (LIST)

LIST is a mission-driven Research and Technology Organisation. Areas of research include IT and aspects of IT security.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Secure Ideas

Secure Ideas

Secure Ideas is focused on penetration testing and application security including web applications, web services and mobile applications.

CyberPeace Foundation

CyberPeace Foundation

CPF is a think tank of cybersecurity and policy experts with the vision of pioneering Cyber Peace Initiatives to build collective resiliency against CyberCrimes and global threats of cyber warfare.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Bluewave

Bluewave

Bluewave are a strategic IT advisory company that offers businesses a simple and comprehensive way to purchase information technology solutions.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

Cyberlocke

Cyberlocke

Cyberlocke is dedicated to finding inventive solutions to meet the distinct IT obstacles of each organization we support.

Adsigo

Adsigo

Adsigo AG is your reliable and professional partner for all topics concerning PCI certification, compliance and information security.

Aztek

Aztek

Aztek is one of the UK’s leading Managed Service Providers, providing customer-focused IT, Communication and Cyber Security solutions to help transform and grow your business.