Like pretty much everyone else in the UK, I have a huge amount of respect for the NHS. Our healthcare system is celebrating its 70-year anniversary, and it’s probably one of the most in-demand healthcare providers in the world. The work that doctors, nurses, and the myriad of healthcare professionals do in hospitals across the country to care for patients should never be underestimated.
When we use tech to the best of its capability, it can have a ground-breaking impact, for example in the work we’ve done with East Lancashire NHS Trust. Since 2011, their Telestroke service has seen almost 2000 patients remotely assessed for a stroke through the power of telemedicine.
We also need to be ready to help trusts who are battling with introducing greater cybersecurity measures or maintaining their IT infrastructure. My focus is and always has been on how I can help transform NHS services through the best use of technology, and not just for the sake of it, but because it can deliver better outcomes. Within the NHS, better outcomes mean better patient care. Surely that’s something we all want?
Over the last four years, NHS Trusts have spent £260m on over 400,000 new PCs, at an average cost of £650.54 a box, with more than 100 NHS trusts spending £34m on new PCs in the first half of 2017 alone. But what about expenditure on cybersecurity measures including firewalls and software to protect the NHS’ vast network?
Back in 2017 WannaCry hit not only the NHS but also businesses as large as FedEx, with over 300,000 computers becoming infected. Mikko Hypponen, Chief Research Officer at the Helsinki-based cybersecurity company F-Secure, called the attack “the biggest ransomware outbreak in history.” Did our NHS and other organisations do enough to prevent such an attack?
WannaCry and other forms of ransomware deliver emails with attachments to addresses associated with an organisation, releasing malware which then locks and encrypts files on the users’ computers. Whilst Microsoft released a patch to fix the vulnerability in their operating system, how many users have downloaded it?
The only way to regain access is to pay (usually with a cryptocurrency like bitcoin), but with no guarantee that your files will be released after payment, and with some ransomware even increasing the sum to be paid, how can you avoid losing your files, your money, and your reputation?
To try and understand the cybersecurity landscape within our NHS, we asked 143 Trusts, and 80 responded commenting on the amount of downtime they experienced following a breach (including WannaCry, Locky and Zepto viruses). Twenty-five of the respondents experienced the equivalent of 18 days of outage per year between January 2015 and February 2018, while a security breach was responsible for outages suffered by 14 of them. Of the 80 who responded, we learned that 23 of them work solely with internally-based IT teams to manage the security of their networks.
With a recent parliamentary report into the WannaCry attack finding that not one NHS Trust had passed minimum cybersecurity standards, how can we avoid this happening again in the future?
Although some progress has been made since the ransomware attacks caused chaos for our NHS systems, including a nearly £200 million investment in improving the NHS’ cybersecurity infrastructure, the report recommended further support and guidance must be offered to local healthcare organisations in patching their systems, and that staffing plans must take into account the need to strengthen IT and cybersecurity teams.
This might mean looking to a securely managed service provider to help NHS organisations minimise downtime, or ensuring mobile devices are managed securely. Firewalls need to be up to date, and trusts need to be running the most recent software and anti-virus platforms on their systems.
Whilst trusts are undoubtedly affected by network downtime, the biggest impact is on frontline staff and how they’re able to treat patients. With the NHS now ushering in the digital age by modernising the ways we access our patient records and treat patients, we have to make sure that the systems we build to safeguard our data and front-line services are robust, secure and capable of withstanding any attack or compromise.