The ransomware attack affected 150,000 computers in 150 countries, but in the UK it had a very visible impact on the health service. Some trusts closed their A&Es as IT teams worked across the weekend to get systems up and running again.
Dr Saif Abed, a founding partner of the Abed Graham consultancy, a partner of Highland Marketing, has spoken extensively about WannaCry, the various reports that have been written on its impact, and on what needs to happen next. He talks to Lyn Whitfield.
But, of course, there was no way I could have predicted how a national attack would play out. As far as the level of disruption goes, it could definitely have been a lot worse. A more targeted attack could have been much more devastating.
I’m of the mindset that health IT is the new frontier of cyberwarfare. Future attackers will look to target the integrity of health IT systems; not just whether they are available or not. Imagine what would happen the day drugs are administered from an e-prescribing system and patient medications are mixed up because of a cyber-attack? That gives you a flavour of how bad things could get.
I think that is starting to happen. We all know that public sector organisations are cash strapped, so we can only move at a certain pace but I think, overall, there’s been positive progress. I would like to see a greater focus on clinical leadership and contingency planning for clinical services, but I think that will develop sooner rather than later because the stakes are so high.
I would also re-emphasise that a blame culture has to be avoided. We have to stay focused on the task at hand rather than point fingers. There have been some reports that have perhaps strayed into this territory, but not enough to hamper progress, I would suggest.
These centrally driven moves are critical. At a local level, it’s a more mixed picture; as you would expect given variations in digital maturity. We are still a way away from having Cyber Essentials adopted uniformly across the NHS; let alone having compliance with the major regulatory requirements outlined in the EU’s NIS Directive – which is under the ownership of the Department of Culture, Media and Sport for the NHS.
My primary guidance would be not to rely on buying more technology. If you are following the National Cyber Security Centre’s guidance, you will see that there is much more talk of humans being the strongest link in security. And I think that’s where attention needs to be.
NHS organisations need to ask themselves: ‘When technology fails, as eventually all systems do, can you maintain clinical services as usual, with minimal disruption?’
Our health and industry experts met to discuss Labour’s first 100 days in office, the…
Chancellor Rachel Reeves delivered her first Budget this week, with headline increases in tax, borrowing,…
Health and med tech industry leaders are assessing the implications of a £22.6 billion uplift…
HETT took place at ExCeL London as the Labour Party met in Liverpool. Both events…
Technology adoption in the NHS can be challenging, but there are significant opportunities. Vee Mapunde,…
Lyn Whitfield, content director at Highland Marketing, takes a look at Lord Darzi’s review of…