A new white paper presented by researchers from Imperial College London on cyber security at NHS trusts to parliament said that the national healthcare system needs to take urgent measures to defend itself against hackers.
The white paper reported that NHS trusts continue to be vulnerable to cyber-attack and that the number and sophistication of attacks on them are only increasing. Written by researchers from the university’s Institute of Global Health Innovation (IGHI), the report warns that the WannaCry attack two years back was relatively crude and unsophisticated compared to the current threats, which could risk the safety of patients if there is no proper defence in place.
The WannaCry attack prevented staff in nearly 34 NHS trusts from accessing patient data and critical services.
The researchers, led by IGHI co-director Ara Darzi, believe that even two years after the WannaCry attack, out-dated computer systems, lack of investment, and a shortage of skills and awareness in cyber security continue to put NHS hospitals at risk.
Darzi said: “We are in the midst of a technological revolution that is transforming the way we deliver and receive care. But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel.
“For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS and therefore our nation’s health are secure.”
The researchers said that although the existing measures taken up across the NHS trusts are commendable, more investment on cyber defence is urgently required. The white paper outlines various key measures for NHS trusts to take to boost cyber resilience.
Among the initiatives suggested are recruiting cyber security professionals in their IT teams, developing ‘fire-breaks’ into their systems so that certain segments are isolated if infected with a computer virus, and setting up clear communication systems using which staff can get help and advice on cyber security when needed.
IGHI’s Saira Ghafur, the lead author of the report, said: “Addressing the issue of cyber security will take time, as we need a shift in culture, awareness and infrastructure. Security needs to be factored into the design of digital tools and not be an afterthought.
“NHS trusts are already under financial pressure, so we need to ensure they have the funds available to ensure robust protection against potential threats.”