INSUBCONTINENT EXCLUSIVE:
Image copyrightAFPImage caption
WannaCry was the biggest cyber-attack to have affected the NHS
The
government and NHS bodies have been criticised by MPs for failing to implement measures to improve cyber-security nearly a year after a
major ransomware attack on the service.Twenty-two recommendations were made after the WannaCry attack led to nearly 20,000 cancelled
hospital appointments.The Public Accounts Committee said it was "alarming" these measures had still not been introduced.The government said
cyber-security in the NHS had improved since the attack
The PAC report found the Department of Health and Social Care (DHSC) and NHS bodies had been "unprepared" for the global WannaCry attack,
which happened in May and affected more than 200,000 computers in at least 100 countries.A total of 80 of 236 NHS trusts across England
suffered disruption, as well as another 603 NHS organisations, including 595 GP practices.MPs said the attack could have been "much worse"
and the NHS had been "lucky" the threat had been tackled quickly.But they warned future attacks could be more sophisticated and malicious,
"resulting in the theft or compromise of patient data".In February, the DHSC, NHS England and NHS Improvement published a set of 22 "lessons
learned" recommendations following the cyber-attack
But months later the DHSC still did not know what the proposals would cost or when they would be implemented, the committee said.Meg
Hillier, who chairs the PAC, said: "The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber-security and
response plans of the NHS."But the impact on patients and the service more generally could have been far worse
And government must waste no time in preparing for future cyber-attacks - something it admits are now a fact of life
"It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed."Image
copyrightEPAThe report said cyber-attacks were "weapons" that needed to be treated as a "serious, critical threat".It said the use of a
nerve agent to poison former spy Sergei Skripal and his daughter Yulia in Salisbury had "heightened concerns about the UK's ability to
respond to international threats, and hammers home the risks from those hostile to the UK".The report said: "A cyber-attack is a weapon
which can have a huge impact on safety and security
"It needs to be treated as a serious, critical threat
"The rest of government could also learn important lessons from WannaCry."Among other recommendations, the committee called on the DHSC and
NHS bodies to urgently agree on and implement cyber-security plans and provide an update on their progress to the committee in June.A
Department of Health and Social Care spokesman said: "Every part of the NHS must be clear that it has learned the lessons of Wannacry
"The health service has improved its cyber-security since the attack, but there is more work to do to protect data and patient care."We have
years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and
respond to incidents."A previous report by the National Audit Office found NHS trusts had been left vulnerable during the attack because
cyber-security recommendations had not been followed.