View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 6, 2018

ALL 200 NHS trusts fail cybersecurity assessment

The WannaCry ransomware attack of 2017 revealed the vulnerability of the NHS to cyberattacks, but even after improvements the organisation is still coming up short.

By Tom Ball

Even after the devastating effects of the WannaCry ransomware attack in 2017, all of the NHS trusts that have completed cybersecurity assessments have failed.

Department of Health officials have said that every single one of the 200 trusts had failed the test, even after security measures and practices had been enhanced.

This may not come as a surprise given the ease with which WannaCry took a hold of the NHS last year, having failed to patch an already outdated Windows operating system that is specially maintained by the provider for its use.

Raj Samani, Chief Scientist and Fellow at McAfee, said: “As this news shows, due to the severe and rapidly evolving threat it faces, it is hard for the NHS to update its security processes fast enough. However, the healthcare industry cannot accept defeat. Instead, it must work with security vendors and other public sector organisations to share resources and threat intelligence to more effectively combat the growing rate of cybercrime. Only once this is in place can organisations take a more strategic approach to their defences and bring us one step closer to finding those responsible.”

Rob Shaw, the NHS Digital deputy chief executive commented on the significant amount of work the organisation has yet to do to meet suitable standards to handle the threats posed by today’s threat landscape.

Rob Bolton, Technology Director and GM for Western Europe, Infoblox, said: “The NHS is currently facing a number of challenges. Not only is it being called upon to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands, it is also facing an ever mounting threat from cybercriminals operating in groups that are much more agile than the NHS itself. This spans not only technological environments, but processes and the people that have access.”

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester
Safer Internet Day 2018: Why it cannot be ignored
EU Fintech Action Plan puts cybersecurity top of the list
Data Privacy Day 2018: Four predictions for the future of data protection

Healthcare globally is proving an extremely slow moving target for hackers, with multitudes of entry points that can be leveraged and a lack of sophisticated cybersecurity. As reported by the Guardian, Simon Stevens, the chief executive of NHS England, said in a meeting: “A whole bunch of things need to change.”

Dr Anton Grashion, manager – security practice at Cylance, said “Although it was a relatively small data set from which to assess the security expertise of a territory, some of the problem boils down to increasing complexity both in threat landscape and the complexity of building the countermeasures. Using the example of the NHS and WannaCry; if the malware had been stopped before it detonated, much of the knock on effect would have been avoided.”

Topics in this article : ,
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.