One in five NHS trusts were hit by Friday’s cyber-attack
- 14 May 2017
A total of 48 English trusts and 13 NHS bodies in Scotland were hit by Friday’s unprecedented cyber-attacks, a fifth of the total, resulting in cancelled operations and appointments as NHS staff lost access to networks and patient electronic records.
By Sunday morning home secretary Amber Rudd, who lead the government’s public response to the NHS attacks, said that all but six NHS trusts IT systems were functioning again.
Seven trusts were reported by the BBC on Sunday morning to still be experiencing difficulties:
- London’s Barts Health NHS Trust
- East and North Hertfordshire NHS Trust
- James Paget University Hospitals NHS Foundation Trust, Norfolk
- Southport and Ormskirk Hospital NHS Trust
- United Lincolnshire Hospital NHS Trust
- York Teaching Hospitals NHS Foundation Trust
- University Hospitals of North Midlands NHS Trust
Barts, the biggest trust in the NHS, was one of the hardest hit, and on Saturday was reported to be redirecting ambulances away from the three A&E units it runs at Newham, Whipps Cross and the Royal London hospital, while non-urgent operations were cancelled.
Barts was only just recovering from a massive network failure at the end of April which had left staff without access to pathology and diagnostic imaging.
The attacks were discussed at a COBRA emergency ministerial meeting held on Saturday afternoon. The attacks hit organisations in 100 countries, but have had a particularly severe impact on the NHS.
Questions have begun to focus on why parts of the NHS proved so vulnerable to an attack that exploited a known Windows vulnerability, patches for which had been available since March. The finger of blame has been pointed at the continued use of the redundant and no longer supported Windows XP operating system across parts of the health service.
Labour and the Liberal Democrats have both blamed the crisis on the government’s failure to deliver promised investment to upgrade hospital computers.
The shadow health secretary, Jonathan Ashworth, said he had repeatedly raised concerns about the NHS’s outdated computers.
In an open letter to health secretary Jeremy Hunt on Saturday, he wrote: “I urge you to publicly outline the immediate steps you’ll be taking to significantly improve cybersecurity in our NHS. The public has a right to know exactly what the government will do to ensure that such an attack is never repeated again.”
Ashworth demanded to know why NHS organisations failed to act on a critical security note from Microsoft two months ago, what resources were being provided to hospitals to alleviate the crisis and what protections against cyber-attacks existed.
Ashworth has also called on the government to launch an independent inquiry into the attack.
He also questioned why the government had not extended a £5.5 million annual contract with Microsoft in 2015 to continue to provide support for the redundant XP operating system, still in use in parts of some NHS trusts.
The former NHS Digital chairman Kingsley Manning told Radio 4 a cyber-attack “was always going to happen”. He suggested trusts were sometimes to blame for diverting money earmarked for IT upgrades.
NHS Digital said it would take several weeks to restore some key equipment, such as MRI scanners, which run on the affected Windows XP programme.
The malware responsible Wanna Decryptor, which exploits a vulnerability in Microsoft Windows, and was originally developed by the US National Security Agency, and then leaked onto the web by hackers.
In March, Microsoft issued a special patch to protect Windows users, and NHS Digital notified trusts of the need to apply the patch in April, though only as part of a routine advisory notice.
One of the main questions of any investigation into why the NHS proved so vulnerable to Friday’s global attacks is likely to be had trusts applied security patches to address a known security risk.
Speaking on the Andrew Marr Show on Sunday morning, Defence Secretary Sir Michael Fallon said that the government had invested £50 million in NHS cyber security, and had warned trusts of the dangers of running redundant systems like Windows XP.
Interviewed on Sky News on Sunday morning, Rudd was asked where health secretary Jeremy Hunt was and whether he had been locked in a cupboard.
4 Comments
Local email is generally routed via the NHS relays and subject to same mail hygiene systems as NHSmail. Both are managed by NHSD and Accenture.
This isnt true in all cases and depending on the nature of the attack could be subverted as the especailly if the same policies /controls are not enforced locally. Its certainly more than a coincidence.
Here are a few things that I think they will find given my experience of the NHS :
Using local email systems instead of the national system allowing malware through.
Failing to have a proper patch / update regime.
Insufficient network controls/segmentation allowing proliferation.
Failure to properly firewall legacy devices / systems.
Not using least privileges.
I think the simple answer is IT/informatics wasn’t given enough priority or was funded adequately.
You don’t have to far back on this site to see common patterns emerging (and these aren’t just IT) in a number of NHS regions and trusts.
Comments are closed.