More needs to be done to improve the cyber security readiness of the NHS to
better protect patients. This is the opinion of Steve Tolan, head of practice and development at the Chartered Society of Physiotherapy, whose concern is that the health service is not well enough equipped to deal with a major cyber attack.
He said: “We have examples where cyber security breaches have caused chaos and had a direct impact on patients.”
Mr Tolan noted that, because of this, improving data security “needs to be high on everyone’s agenda so we can support the protection of patient data and ensure continuity of care”.
Indeed, Phil Booth of medConfidential has caused concern among the general public by claiming the NHS is not in a position to deal with a cyber attack.
This comes after the WannaCry incident that occurred in May 2017, when the ransomware worm affected Windows computers and encrypted files on hard drives the world over. When users opened their emails, they released malware on to their computers, which resulted in their files being locked and unable to be accessed. Payment was then often demanded in bitcoin to be able to regain access, although there was no guarantee this would actually occur.
More than 300,000 computers across 150 countries were infected with the ransomware. In the UK, the NHS was the worst affected, with patients’ files on the computer being locked or scrambled.
As a result, many surgeries and hospitals had to close, cancel appointments or turn patients away.
Indeed, 80 out of 236 NHS England trusts and 603 NHS organisations were affected and many of these were locked out of their computers. An additional 46 experienced disruption, although they were not infected by the ransomware. As a result of this, one A&E had to refuse patients; 6,912 first appointments were re- arranged; and 0.4 per cent of urgent cancer referrals were delayed.
Mr Booth said the WannaCry incident was not even a fully fledge cyber attack, but as the NHS “was in such a parlous state … it looked like an attack specifically on the health service”.
This comes after NHS England’s head of cyber security Indi Singh told the Westminster Health Forum’s conference on patient records and data earlier this week that clinicians need to help the cause.
He noted that attacks are becoming more frequent and “increasingly sophisticated”, and therefore, “we have to ensure that all parts of the chain are robust”. Mr Singh stated a cultural movement needed to occur to make sure patient information remains protected in the future.
Despite this, the NHS claims steps have already been made to improve its data protection.
In its report entitled Lessons Learned Review Of The WannaCry Ransomware Cyber Attack, it stated there has been “significant progress … in improving preparedness and our ability to respond”.
These include producing a Cyber Handbook to advise NHS England what to do in the event of an IT attack. An NHS Digital Data Security helpline has also been established and is available 24 hours a day with experts on hand to answer questions.
What’s more, some local NHS teams have commissioned external support to audit their systems and processes to ensure this does not happen again.