Don't forget about WannaCry: Hospitals are still at risk of cyberattack

Despite the chaos caused by the WannaCry attack, healthcare systems are still at risk from attacks that could endanger patient safety say researchers, who are calling for more investment.
Written by Steve Ranger, Global News Director

The National Health Service is still vulnerable to cyberattack, and must take action to prevent incidents that could risk the safety of patients, researchers have claimed.

A report by Imperial College London's Institute of Global Health Innovation warns that ageing computer systems, lack of investment, and a lack of security skills is placing hospitals at risk.

It said that a cyberattack could leave doctors unable to access vital patient details, or stop life-saving medical equipment or devices from working properly, or lead to patient data being stolen.

SEE: 10 tips for new cybersecurity pros (free PDF)

The researchers said more investment is urgently needed. It said NHS trusts need to add more cybersecurity professionals in their IT teams, and add 'fire-breaks' into their systems to allow parts of the network to be isolated if infected with a computer virus. It said hospitals need clear communication systems so staff know where to get help and advice on cybersecurity.

The report added that when new technologies such as robotics, artificial intelligence, implantable medical devices and personalised medicines are introduced to healthcare, security must be built into the design of these technologies.

The NHS has already experienced one major cyberattack, even if it was not specifically targeted. During the WannaCry attack in 2017, health systems were disrupted and thousands of appointments were cancelled, and in some cases patients were diverted to other hospitals. The total cost of the attack to the NHS has been estimated to be around £92m.

Dr Saira Ghafur, lead author of the report, said: "Since the WannaCry attack in 2017, awareness of cyberattack risk has significantly increased. However we still need further initiatives and awareness, and improved cybersecurity 'hygiene' to counteract the clear and present danger these incidents represent."

One issue for the NHS is going to be the continuing lack of funding, at a time when the health service is under pressure from increasing demand for services, plus demands from patients for new services. While there is demand from politicians and medics for a major digital transformation agenda, there is little money being offered to help, although in April last year the government promised another £150 million for IT security across the NHS.

Editorial standards