Urgent: Investment In NHS Cybersecurity

A "massive" increase in spending is needed to prevent another "avoidable" cyber-attack on UK’s NHS computer systems, an expert has warned, following a ransomware attack hit 11 health boards in Scotland (pictured), as well as many other organisations worldwide.

Prof Bill Buchanan said the attack should act as a "wake-up call" to the government and health service. And he warned the NHS faced bigger threats, such as a large-scale power outage, that could cause loss of life.

Holyrood's health committee heard the WannaCry virus found its way into Scottish NHS systems either through their connection with the NHS England network or through the Internet.

It was able to spread through computers that were vulnerable through a combination of their use of a particular piece of software that shares information between devices, a particular network firewall configuration and the fact they had not been upgraded or "patched up" to the latest version of Microsoft software.

The unprecedented attack, which hit scores of countries, impacted on acute hospital sites in Lanarkshire as well as GP surgeries, dental practices and other primary care centres around Scotland. Health Secretary Shona Robison told the committee that swift action and co-ordination by the NHS in Scotland had limited the impact of the ransomware attack on its network.

But Prof Buchanan, from the Cyber Academy at Edinburgh Napier University, said the penetration of the virus "was avoidable" and there was no excuse for the patch or upgrade not having been carried out. He agreed with Green MSP Alison Johnstone that the incident should act as a "wake-up call" and called for a review of health and social care IT infrastructure.
He said: "This was a critical patch, critical is the highest level. If you want to use something from Spinal Tap, this was an 11 out of 10 in terms of its threat.
"So it should have been patched, it was well known and it was a race for the industry to catch up with the patch before those with the skills to make something malicious turned their evil hands to something.
"I think we got out of this very well but it could happen that it would be much more severe."
He added: "Our systems are legacy and we need to admit that.
"I think we need a massive increase in spending not just on computers, but in really looking at healthcare services and how we provide that to the citizen."

Andy Robertson, director of IT at NHS National Services Scotland, said the health service had measures in place to protect against these types of threats.

He pointed out that the virus had infiltrated only 1% of NHS Scotland's computers, amounting to some 1,500 devices.
"We think our defences worked fairly well in terms of the impact it had on the health service and we think where we were breached we were able to recover as per our recovery plans," he said.
He agreed that extra investment was needed, suggesting a further £15m a year on top of the £100m currently spent on centrally-managed IT programmes in the NHS.

That amount was described as a "sticking plaster" by Prof Buchanan, who said: "I think you need to add zero and then maybe another zero."

BBC

You Might Also Read:

NHS Cyberattack Was 'launched from N. Korea':

Healthcare Sector Accounts For 43% Of UK Data Breaches:

How Cybercrime Affects The Healthcare Industry:

 

 

« Petya Cyber Attack Update
App Or Browser: Which Is Safer For Online Banking? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Cycode

Cycode

Cycode is the industry’s first source code control, detection, and response platform.

Allthenticate

Allthenticate

Allthenticate Single Device Authentication (SDA), enables seamless authentication in both the physical and digital words while unifying management in one easy-to-use interface.

Black Hills Information Security (BHIS)

Black Hills Information Security (BHIS)

Black Hills Information Security provide security testing and vulnerability assessment services.

Munich Re

Munich Re

Munich Re is a leading global provider of reinsurance, primary insurance and insurance-related risk solutions including Cyber.

Onclave Networks

Onclave Networks

Onclave Networks is a global cybersecurity leader, transforming the future of securing all IT/OT devices and systems.

Bechtle

Bechtle

Bechtle is one of Europe’s leading IT service providers offering a blend of direct IT product sales and extensive systems integration services.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

CipherStash

CipherStash

CipherStash is a complete data governance and breach prevention platform.

Pointsharp

Pointsharp

Pointsharp delivers software and services that help organizations secure data, identities, and access in a user-friendly way.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.

System Two Security

System Two Security

System Two Security automates detection engineering and threat hunting.