NEWS COPY
A lack of accountability and investment in cyber-security software left the NHS vulnerable to attack from the Wannacry virus, British Computer Society & The Chartered Institute for IT has claimed.
The health service was brought to its knees on Friday May 12th when hackers downed computer systems leaving front-line hospital staff unable to access vital patient information.
Operations were cancelled and doctors and nurses were forced to rely on hand-written notes to track patient’s case histories and treatments.
Yesterday (Wed) the BCS report into the attack revealed the crisis could have been averted had hospital IT teams had in-house cyber-security experts, an official cyber-attack protocol and sufficiently secure and up-to-date software.
The report was published in the wake of this week’s high-tech attack, the source of which has been linked to the Wannacry virus which caused chaos within the NHS.
David Evans, Director of Community & Policy at The Chartered Institute for IT described the NHS incident as ‘inevitable’ and added the healthcare sector has long struggled to keep pace with cyber-security best practice.
Also blaming a systemic lack of investment, he said: ‘’Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world.
“Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the Wannacry ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future.”
The Chartered Institute of IT has joined forces with the Patient’s Association, the Royal College of Nursing, Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber-attack.
Top of the list is ensuring there are clearly laid out standards for accrediting relevant IT professionals. NHS board are being urged to ensure they understand their responsibilities, and how to make use of registered cyber security experts.
And the number of properly qualified and registered IT professionals needs to be increased.
Almost 50 NHS Trusts were hit last month by the Wannacry cyber-attack.
Computers were encrypted and so became unusable in many areas of the health service, with hackers threatening that valuable files would be lost forever unless a ransom was paid.
Patients were still being diverted from accident and emergency departments six days later.
ENDS
