NHS must take urgent steps against hacking

Researchers from Imperial College London have claimed that the NHS remains vulnerable to cyber attack and must take urgent steps to defend against threats which could risk the safety of patients.

Presented at the House of Lords, the new White Paper on NHS Cyber Security suggests that a combination of out-dated computer systems, lack of investment, and a deficit of skills and awareness in cyber security is placing NHS hospitals at risk.

The research team commend existing measures put in place across the health system, but say more investment is urgently needed. Possible initiatives include employing cyber security professionals in NHS IT teams, building ‘fire-breaks’ into hospital computer systems to allow certain segments to become isolated if infected with a computer virus, and having clear communication systems so staff know where to get help and advice on cyber security.

Lord Darzi, co-director of the Institute of Global Health Innovation (IGHI), said: “We are in the midst of a technological revolution that is transforming the way we deliver and receive care. But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel. For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS and therefore our nation’s health are secure.

“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber attacks.”

The WannaCry attack in 2017 prevented staff in around 34 NHS trusts from accessing patient data and critical services. Thousands of appointments were cancelled, and in some cases patients were diverted to other hospitals. The total cost of the attack to the NHS has been estimated by the Department of Health and Social Care to be around £92 million.

Saira Ghafur, lead author of the report, explained: “Since the WannaCry attack in 2017, awareness of cyber-attack risk has significantly increased. However we still need further initiatives and awareness, and improved cyber security ‘hygiene’ to counteract the clear and present danger these incidents represent. The effects of these attacks can be far-reaching – from doctors being unable to access patients test results or scans, as we saw in WannaCry, to hackers gaining access to personal information, or even tampering with a person’s medical record.”