Jeremy Hunt, the Health Secretary, has been told to take “urgent” action to prevent another devastating cyber attack on the NHSafter a leaked internal report revealed a string of digital security failings in the health service.
The report, by NHS Digital’s head of security operations, Chris Flynn, said there was a “false sense of security” among staff over cyber threats and highlighted a range of security failings, including weak passwords and poorly protected patient data.
Mr Flynn said many NHS trusts, GP practices and clinical commissioning groups had good security policies but that they were not being properly implemented.
The finding raises fresh fears of hackers crippling the NHS after a cyber-attack using the “WannaCry” ransomware hit 47 health trusts in May, leading to more than 15,000 appointments being cancelled and forcing many GP surgeries to close their doors.
The Independent understands that, in the wake of Mr Flynn’s report, Labour has asked Mr Hunt to “immediately assess” the cyber security of all NHS organisations, act to ensure passwords are strengthened and data protections tightened, and launch a full, independent inquiry into the WannaCry attack.
The report, leaked to the Health Service Journal, said many of the NHS organisations studied had not installed vital security updates. The average point at which the oldest missing update should have been applied was four years ago, raising concerns that individual hospitals and practices are failing to put in place key protections against a cyber attack.
The finding is particularly worrying because a failure to apply security updates was what enabled hackers to target NHS computers during the WannaCry attack.
Source: The Independent