A week after several NHS hospitals and trusts were forced to shut down their systems and emergency services following the WannaCry ransomware attack, Health Secretary Jeremy Hunt has lauded the NHS’ efforts in tackling cyber-crimes.
Hunt has also lauded the organisation’s response to the ransomware attack, stating that 95% of services were restored within 24 hours.
Hunt claims that the NHS ‘has been investing extensively in measures to protect it from cyber-attacks’ and that it succeeded in restoring 95 per cent of all services within 24 hours of the ransomware attack. However, he has also called for the NHS staff to remain vigilant in the face of further attacks in the near future.
According to the BBC, a total of 11 NHS trusts were still facing problems four days after the ransomware attacks which began on 12 May.
Hunt’s response was to a series of allegations levelled by UKIP’s Mark Webber who maintained that Hunt did not heed warnings on cyber-threats faced by the NHS. Webber added that applying security patches was not a big cost item and that the NHS spent more on its IT systems compared to the likes of Amazon and Google.
“The majority of workers in the NHS are skilled and dedicated. But unfortunately, there is a ‘no blame’ culture in the public sector, particularly among senior management.
“Heads must roll, but I doubt anyone will be fired over this. The solution is to restore accountability, cut bureaucracy, streamline processes, and bring in more expertise from the private sector,” said Webber.
Last week, Hunt had laid out steps being taken by the NHS to modernise its IT systems after similar concerns were raised by experts. “Just 18 months ago nearly 20 per cent of our NHS devices were running on XP – that’s been reduced to 4.7 per cent, so real effort has been made,” he said on Monday, three full days after the cyber-attack and accusations on him ‘hiding from the public.’
“According to our latest intelligence, we have not seen a second wave of attacks. And the level of criminal activity is at the lower end of the range that we had anticipated and so I think that is encouraging,” he added.
According to a report from Business Reporter, “approximately 70 per cent of (NHS) Trusts said they had limited training programmes if any in place to safeguard organisational information, including patient records, for staff using personal devices.
“Another factor is that NHS trusts (and the NHS itself) are complex organisations that involve many disparate entities that communicate using different (or absent) security protocols – which gives hackers plenty of opportunity,” the report added.