In wake of WannaCry, NHS assessed 200 facilities on cybersecurity preparedness — None passed

The Public Accounts Committee of the U.K. Parliament released an update on the U.K. National Health Service's cybersecurity preparedness in a March 18 report.

The report was commissioned following the worldwide ransomware attack WannaCry, which infected 200,000-plus computers in more than 150 countries in May 2017.

NHS represented one of WannaCry's most prominent victims, as the ransomware affected more than one-third of NHS trusts. As a result of the ransomware attack, NHS canceled almost 20,000 appointments and diverted patients from five of its accident and emergency departments.

The U.K. Public Accounts Committee's report, which refers to WannCry as a "wake-up call for the NHS," outlines how the ransomware attack affected NHS facilities, those facilities' readiness for future cyberattacks and overarching cybersecurity preparedness lessons for other government agencies to consider.

The report notes prior to WannaCry, many NHS facilities were "unprepared for the relatively unsophisticated WannaCry attack." These facilities had not shared and tested response plans, and NHS personnel did not have established practices to communicate with one another as the attack unfolded.

NHS England told the U.K. Public Accounts Committee it has gained better visibility into NHS trusts' cybersecurity preparedness since WannaCry. However, the report cites recent results from on-site cybersecurity assessments NHS Digital conducted at 200 trusts, in which all trusts failed their cybersecurity assessment.

NHS England attributed some of these failures to the assessments' "high bar." However, the U.K. Public Accounts Committee argued some facilities' shortcomings were due to their failure to patch IT systems.

"Although the [Department of Health and Social Care] and NHS bodies have learned lessons from WannaCry, they have a lot of work to do to improve cybersecurity for when, and not if, there is another attack," the report reads.

To access the U.K. Public Accounts Committee's report, click here.

More articles on cybersecurity:
25% of organizations using a public cloud have had data stolen, survey finds
US, UK issue joint alert on alleged Russian state-sponsored cyberattacks
Report: Top 5 causes of healthcare breaches in Q1

© Copyright ASC COMMUNICATIONS 2021. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.


Featured Whitepapers

Featured Webinars