
Saturday, 24 February

NHS Failings Make You Wanna Cry

On Friday 12 May 2017 a computer virus, known as WannaCry, which encrypts data on infected computers and demands a ransom payment to allow users access, was released worldwide.

WannaCry was the largest cyber attack to affect the NHS in England, although individual trusts had been attacked before 12 May.

A National Audit Office investigation has focused on the ransomware attack’s impact on the NHS and its patients; why some parts of the NHS were affected; and how the Department and NHS national bodies responded to the attack.

The key findings of the investigation are:

The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry and, although it had work underway, it did not formally respond with a written report until July 2017. The Department and Cabinet Office wrote to trusts in 2014, saying it was essential they had robust plans to migrate away from old software, such as Windows XP, by April 2015.

In March and April 2017, NHS Digital had issued critical alerts warning organisations to patch their systems to prevent WannaCry. However, before 12 May 2017, the Department had no formal mechanism for assessing whether local NHS organisations had complied with their advice and guidance and whether they were prepared for a cyber attack.

NHS Digital say that all organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to protect themselves. Infected organisations had unpatched or unsupported Windows operating systems, so were susceptible to the ransomware. However, whether organisations had patched their systems or not, taking action to manage their firewalls facing the internet would have guarded organisations against infection.

The attack led to disruption in at least 34% of trusts in England although the Department and NHS England do not know the full extent of the disruption. On 12 May, NHS England initially identified 45 NHS organisations including 37 trusts that had been infected by the WannaCry ransomware. In total at least 81 out of 236 trusts across England were affected. A further 603 primary care and other NHS organisations were infected by WannaCry, including 595 GP practices. However, the Department does not know how many NHS organisations could not access records or receive information, because they shared data or systems with an infected trust. NHS Digital believes no patient data were compromised or stolen.

 

Impact

NHS England identified 6,912 appointments had been cancelled, and estimated over 19,000 appointments would have been cancelled in total. Neither the Department nor NHS England know how many GP appointments were cancelled, or how many ambulances and patients were diverted from the five accident and emergency departments that were unable to treat some patients.

No NHS organisation paid the ransom, but the Department does not know how much the disruption to services cost the NHS.

Costs included cancelled appointments; additional IT support provided by NHS local bodies or IT consultants; or the cost of restoring data and systems affected by the attack. National and local NHS staff worked overtime including over the weekend of 13 to 14 May to resolve problems and to prevent a fresh wave of organisations being affected by WannaCry on Monday 15 May.

 

Kill switch

The cyber attack could have caused more disruption if it had not been stopped by a cyber researcher activating a ‘kill switch’ so that WannaCry stopped locking devices.

Between 15 May and mid-September NHS Digital and NHS England identified a further 92 organisations, including 21 trusts, as contacting the WannaCry domain, though some of these may have been contacting the domain as part of their cyber security activity.

Of the 37 trusts infected and locked out of devices, 32 were located in the North NHS Region and the Midlands & East NHS region. NHS England believe more organisations were infected in these regions because they were hit early on 12 May before the WannaCry ‘kill switch’ was activated.

 

Contingency planning - not tested

The Department had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack but had not tested the plan at a local level. 

As the NHS had not rehearsed for a national cyber attack, it was not immediately clear who should lead the response and there were problems with communications. Many local organisations could not communicate with national NHS bodies by email as they had been infected by WannaCry or had shut down their email systems as a precaution, though NHS Improvement did communicate with trusts’ Chief Executive Officers by telephone. Locally, NHS staff shared information through personal mobile devices, including using the encrypted WhatsApp application.

 

Lessons

The NHS has accepted that there are lessons to learn from WannaCry and is taking action. NHS England and NHS Improvement have written to every major health body asking boards to ensure that they have implemented all alerts issued by NHS Digital between March and May 2017 and taken essential action to secure local firewalls.

“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks,” said Amyas Morse, head of the National Audit Office.

Picture: An NAO investigation has focused on the WannaCry ransomware attack’s impact on the NHS and its patients and how the Department and NHS national bodies responded to the attack

Article written by Brian Shillibeer
