Site navigation

‘Hospitals May Close’ due to Cyber Attacks

Andrew Hamilton

,

Frontline Workers

The warning follows 11 of Scotland’s 14 NHS boards being affected by the WannaCry attack in May.

NHS Hospitals may be forced to close their doors and turn patients away in the wake of future cyber attacks, the Head of Data Security at NHS Digital has warned.

Dan Taylor, who has helmed the NHS cyber security programme for the past two years, made the damning declarations in an interview with Sky News.

Taylor stressed the urgency for ‘honest conversations’ on the potentially calamitous outcomes of future cyber attacks. He conceded: “We’re in a war here, it’s an ongoing war, and we’re going to lose some battles.”

In May’s WannaCry attack, only 47 out of approximately 20,000 potential health organisations were hit, according to Mr. Taylor. But the comparatively small size of this number should not negate the cancellations of operations and rejections of patients that occurred over that weekend.

Mr Taylor summarised the event: “As a dress rehearsal – as a ‘lesson learned’ – it was good. It raised awareness of how cyber security can actually impact patient-facing services.”

But he digressed: “I’m sick of talking about WannaCry, I’m just going to be honest with you, because WannaCry is one attack vector that happened. If we focus on that one thing, then next time it happens, we’ll go: ‘We’re really good at protecting that bit, oh but we forgot this bit’ – and actually we need to think about defence in depth.”

Mr Taylor compared his role to that of a doctor, warning that it would be ‘impossible’ to prevent all future cyber attacks, but advised that steps can and should be taken to mitigate the spread and damage of infections when they occur. He added: “Things will go wrong, and when they do go wrong actually you need the right systems, processes and people in place to actually limit that.

“We don’t know what the worst case scenario could be.

“For too long we’ve been too timid, where actually if we said, do you know what, in future we’re going to lose a battle along the way, a hospital may have to close its doors. I think if we have that honest conversation now, we’re much likely better to prepare ourselves for that eventuality.”

The NHS is taking tentative steps towards this goal. According to Mr Taylor, NHS Digital’s Data Security Centre helps, “organisations suffering from small attacks or issues on a daily basis”. The unit monitors NHS networks for malicious traffic, while also delivering weekly cyber security briefings on matters that require attention to engineering teams. In more severe situations, the team aims to have alerts dispatched ‘within four hours’.

The unit also piggybacks on intelligence from other friendly sources. Mr. Taylor explained that the service takes, “feeds and intelligence from numerous international sources, from GCHQ or the National Cyber Security Centre, our partners across borders, and we’re always looking for threats that are out there that could be applicable to health.”

Mr Taylor told Sky News he believed that the NHS was ‘improving’ its cyber security provisions, and concluded: “I think WannaCry has been a really good event for us. I know that sounds counter-intuitive, but I think sometimes it takes a wake-up call.”

Andrew Hamilton

Andrew Hamilton

PR & Content Executive at Hutchinson Networks

Latest News

%d bloggers like this: