NHS Digital to ignore IT security recommendations despite WannaCry
NHS Digital is set to ignore the IT security recommendations of its own chief information officer, Will Smart, citing the estimated cost of between £800 million and £1 billion. It claims that the investment would not be "value for money".
The recommendations were the result of a review, published in February, that was commissioned by government in response to the WannaCry ransomware attack, which affected one-fifth of all NHS trusts in the UK. The NHS was especially hard hit, not least due to a lack of up-to-date patching on Windows 7 workstations across the monolithic organisation, one of the biggest employers in the world.
The recommendations in Smart's review had been endorsed by the National Cyber Security Centre (NCSC).
However, documents acquired under Freedom of Information by theHealth Service Journal (HSJ), indicate that NHS Digital has opposed adoption of the recommendations on the grounds that they would not "be value for money".
NHS Digital's response comes despite the organisation coming under sustained and continual cyber attacks, including one called Orangeworm that specifically targets sensitive healthcare data. HSJadds that malicious phishing websites mimicking NHS trusts have also been found, while one NHS organisation was found to have exposed a sensitive database online.
A scan by NHS Digital, it adds, found 227 medical devices connected to the internet with a known vulnerability. And four out of five NHS trusts failed to even respond to a ‘high severity' cyber alert issued in April.
The review of NHS IT security by CIO Will Smart came four months after a damning report into the state of NHS IT security produced by the National Audit Office, which indicated that the NHS and Department of Health didn't know how to respond to the outbreak.
Source computing
Industry: Cyber Security News
Latest Jobs
-
- Security Analyst - Internal role. London commutable. Permanent
- London
- N/A
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc very advantageous and a priority. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network / Security Infrastructure Engineer | West London | Permanent
- London
- N/A
-
Network / Security Infrastructure Engineer | West London | Current Config, Install, upgrade experience On prem / Datacetner experience essential. Hands on experience MUST include: Routing, Switching, Network Security (firewall, IDS etc), Microsoft exchange / Exchange 365. Scripting / automation experience wanted. Python, Powershell etc Regular travel to West London is required. Visa sponsorship not available. Apply today for more information chris.holt@dclsearch.com Use this whatapp link to reach out https://wa.me/message/6USF5RAQBOZIP1
-
- SailPoint File Access Manager Consultant/ Architect
- N/A
- discussed on applications
-
SailPoint File Access Manager (SailPoint FAM) Consultant/ Architect is required for an up coming projects, Ideally looking for someone with experience in Designing and deploying SailPoint FAM , this is a new Deployment, you will work with customer in the initial workshop phase, to understand requirements and to get the initial design, you will then be responsible for deploying the solution. This is a home based role, with some onsite visits required during the length of the project. We are looking for someone who has previous experience in Deploying SailPoint FAM (ideally done design work) Need to have experience with SharePoint and ideally Azure and Share file
-
- DV Cleared CyberArk Consultant- Contract
- City of London
- Upto £700 per day
-
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this Secure government site You will work with customer, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: In CyberArk deployment, and ideally leady the deployment both strategically and also technically for this project we need the consultant to hold current DV cleared status For the right individual this could be a long term project.