NHS WannaCrypt postmortem: Outbreak blamed on lack of accountability

Plus systemic underspending in IT. Imagine that


A lack of accountability and investment in cyber-security has been blamed for the WannaCrypt outbreak that hobbled multiple NHS hospital IT systems in England last month, a report by The Chartered Institute for IT concludes.

The report, published today, follows a similar but more limited attack on UK-based companies, the result of the spread of the NotPetya ransomware earlier this week.

The Chartered Institute for IT report suggests that some hospital IT teams, whilst doing their best with the limited resources available, lacked access to "trained, registered and accountable cyber-security professionals with the power to assure hospital Boards that computer systems were fit for purpose".

The healthcare sector has struggled to keep pace with cyber-security best practice thanks in large part to a systemic lack of investment. The WannaCrypt attack was an accident waiting to happen, according to David Evans, director of community & policy at The Chartered Institute for IT.

"Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the WannaCrypt ransomware virus was an inevitability, but the roadmap we are releasing today will make it less likely that such an attack will have the same impact in the future," Evans said.

The Chartered Institute for IT has joined forces with the Patients Association, the Royal College of Nursing, BT and Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber-attack. Employing accredited IT professionals tops the list. The NHS board is being urged to ensure it understands its responsibilities, and how to make use of registered cyber security experts. The number of properly qualified and registered IT professionals needs to be increased, the report recommends.

Almost 50 NHS Trusts were hit by the WannaCrypt cyber-attack that left infected computers with encrypted files and at least temporarily unusable in many areas of the health service. The outbreak led to operations and appointments being cancelled or postponed.

The issue of how to improve security in the NHS following the WannaCrypt outbreak has been raised in Parliament. In response to a written question, junior Department of Health minister Jackie Doyle-Price said a review of the cyber attack was under way. Emergency measures specifically allocated to deal with last month's NHS ransomware attack cost £180,000. The government is making cyber-security a requirement of health service contracts, she added.

"We have changed the National Health Service standard contract to include, from April 2017, cyber security requirements.

"Evidence shows that the use of unsupported systems is continuing to reduce in health and care, as organisations replace older hardware. Latest estimates suggest the usage of Windows XP in the NHS has reduced from 15-18% at December 2015, to 4.7% of systems currently.

"The 12 May 2017 ransomware incident affected the NHS in the United Kingdom. It is standard practice to review any major incident in the NHS. Further, the Chief Information Officer for health and care is undertaking a review into the May 2017 cyber-attack which is expected to conclude in the autumn.

"The identifiable cost of emergency measures put in place to specifically address the NHS ransomware attack on 12 May 2017 was approximately £180,000. These costs were borne by NHS Digital and NHS England from internal budgets. Information relating to any expenditure incurred by individual local NHS trusts or other NHS organisations is not collected centrally."

There was a lot of focus on the NHS's reliance on obsolete Windows XP systems in the aftermath of the WannaCrypt outbreak. However, post-hack technical analysis revealed that Windows XP systems were more likely to crash than get infected. Some Win XP systems did nonetheless get pwned, but in any case they weren't a vector in the spread of the cyber-pathogen. Windows 7 systems left unpatched against the leaked EternalBlue NSA exploits at the centre of the outbreak were a much bigger problem, it transpired.

The state of preparedness for online attacks in the NHS reflects that of the public sector more generally. Just over half (53 per cent) of local authorities across the UK are prepared to deal with a cyber-attack, according to a separate survey of over 100 council leaders by management consultancy PwC. Only a third (35 per cent) of local authority leaders are confident that their staff are well equipped to deal with cyber threats. ®
