NHS ‘will be hit by more cyber attacks’ survey reports

Cyber security is a top concern for healthcare management professionals an exclusive survey reveals, and the threats are expected to increase.

Concern about NHS cyber security has increased following the WannaCry attack and healthcare management professionals expect it to come under further attack from “organised hacktivists”, according to a new survey of those registered to attend this year’s UK Health Show.

The survey of almost 600 registrants to the show, which is held at Olympia London on 27 September, suggests that leading managers and professionals are very worried about similar cyber attacks in the future.

Twice as many say agree (40%) than disagree (20%) with the statements that “if a similar cyber-attack to the WannaCry ransomware attack happened today, the NHS would be better able to deal with it”. However, there is no room for complacency.

The WannaCry attack has been called “the biggest ransomware offensive in history.” More than 300,000 computers were infected in as many as 145 countries when it was unleashed. In the UK, the NHS was particularly badly hit, with around 50 Trusts affected by the virus, which locked staff out of computers and demanded a ransom in Bitcoin. Some Trusts not only shut down email and IT systems, but were forced to close A&E and outpatient departments.

It is no surprise then that cyber security is a top concern for those tasked with running and improving the NHS. Nine in ten (89%) registrants to the UK Health Show say they are concerned about the cyber security threats facing the NHS, including as many as a third (34%) who describe themselves as “very concerned”.

In addition, virtually all respondents to the survey believe the NHS will face increased attacks over the next five years, with more than two in five (42%) expecting “a lot more” attacks to face Britain’s health system in the future.

“Organised hacktivists, such as anonymous” are most likely to be perceived as the main source of potential attacks against the NHS overall (55% of respondents identify this source), rather than “individual hackers” (33%). Few perceive that foreign governments (4%) or the private sector (2%) will be the source of cyber attacks.

Alexander Rushton, the UK Health Show Event Director, said: “We want to help all NHS trusts and those working with the NHS to be prepared and to be resilient in the face of the inevitable cyber security threats the sector will continue to face. This is why technology and cyber security are at the heart of this year’s UK Health Show.

“Managers and professionals are coming to the UK Health Show to better understand how the NHS is being protected nationally, learn about what they need to do in their organisation and meet with colleagues and suppliers that can help them put in the right systems and solutions.”

The top four areas of weakness for the NHS in terms of cyber security are identified as:

  • 71% inadequate IT architecture / systems
  • 51% inadequate training for staff on security protocols
  • 51% compromised users (people who have been hacked, but don’t know about it)
  • 44% not enough skilled staff to protect IT data or systems

Healthcare Efficiency through Technology (HETT) and Cyber Security in Healthcare are two of the four main themes of the UK Health Show. Cyber Security in Healthcare will include presentations on NHS Digital’s CareCERT service, and how it is helping both IT teams and NHS staff improve digital security, while Sheffield Teaching Hospitals NHS Foundation Trust will share its experience of addressing cyber security issues.