pageview
W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9eq0wvanbnl2jhbm5lci1kzwzhdwx0lmpwzyjdxq

NHS Digital to ignore IT security recommendations despite WannaCry

about 2 years ago by Lucy Cinder

NHS Digital to ignore IT security recommendations despite WannaCry

Cyber Security

NHS Digital is set to ignore the IT security recommendations of its own chief information officer, Will Smart, citing the estimated cost of between £800 million and £1 billion. It claims that the investment would not be "value for money".

The recommendations were the result of a review, published in February, that was commissioned by government in response to the WannaCry ransomware attack, which affected one-fifth of all NHS trusts in the UK. The NHS was especially hard hit, not least due to a lack of up-to-date patching on Windows 7 workstations across the monolithic organisation, one of the biggest employers in the world.

The recommendations in Smart's review had been endorsed by the National Cyber Security Centre (NCSC).

However, documents acquired under Freedom of Information by theHealth Service Journal (HSJ), indicate that NHS Digital has opposed adoption of the recommendations on the grounds that they would not "be value for money".

NHS Digital's response comes despite the organisation coming under sustained and continual cyber attacks, including one called Orangeworm that specifically targets sensitive healthcare data. HSJadds that malicious phishing websites mimicking NHS trusts have also been found, while one NHS organisation was found to have exposed a sensitive database online.

A scan by NHS Digital, it adds, found 227 medical devices connected to the internet with a known vulnerability. And four out of five NHS trusts failed to even respond to a ‘high severity' cyber alert issued in April.

The review of NHS IT security by CIO Will Smart came four months after a damning report into the state of NHS IT security produced by the National Audit Office, which indicated that the NHS and Department of Health didn't know how to respond to the outbreak.

Source computing

Industry: Cyber Security News

Blank

Latest Jobs