Don’t forget about WannaCry: Hospitals are still at risk of cyber-attack
The National Health Service is still vulnerable to cyber-attack, and must take action to prevent incidents that could risk the safety of patients, researchers have claimed.
A report by Imperial College London’s Institute of Global Health Innovation warns that ageing computer systems, lack of investment, and a lack of security skills is placing hospitals at risk.
It said that a cyber-attack could leave doctors unable to access vital patient details, or stop life-saving medical equipment or devices from working properly, or lead to patient data being stolen.
The researchers said more investment is urgently needed. It said NHS trusts need to add more cyber security professionals in their IT teams, and add ‘fire-breaks’ into their systems to allow parts of the network to be isolated if infected with a computer virus. It said hospitals need clear communication systems so staff know where to get help and advice on cyber security.
The report added that when new technologies such as robotics, artificial intelligence, implantable medical devices and personalised medicines are introduced to healthcare, security must be built into the design of these technologies.
The NHS has already experienced one major cyber-attack, even if it was not specifically targeted. During the WannaCry attack in 2017, health systems were disrupted and thousands of appointments were cancelled, and in some cases patients were diverted to other hospitals. The total cost of the attack to the NHS has been estimated to be around £92m.
Dr Saira Ghafur, lead author of the report, said: “Since the WannaCry attack in 2017, awareness of cyber-attack risk has significantly increased. However we still need further initiatives and awareness, and improved cyber security ‘hygiene’ to counteract the clear and present danger these incidents represent.”
One issue for the NHS is going to be the continuing lack of funding, at a time when the health service is under pressure from increasing demand for services plus demands from patients for new services. While there is demand from politicians and medics for a major digital transformation agenda, there is little money being offered to help, although in April last year the government promised another £150 million for IT security across the NHS.