This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2017/may/15/warning-of-nhs-cyber-attack-was-not-acted-on-cybersecurity
The article has changed 6 times. There is an RSS feed of changes available.
| Version 0 | Version 1 |
|---|---|
| Warning of NHS cyber-attack risk was not acted on, says cybersecurity adviser | Warning of NHS cyber-attack risk was not acted on, says cybersecurity adviser |
| (about 3 hours later) | |
| The government has been accused of failing to heed a warning last summer that the NHS could be at risk from cyber-attacks by one of the advisers who highlighted the potential for major problems. | The government has been accused of failing to heed a warning last summer that the NHS could be at risk from cyber-attacks by one of the advisers who highlighted the potential for major problems. |
| In July, the NHS regulator, the Care Quality Commission, and the national data guardian, Dame Fiona Caldicott, warned that the threat of such attacks “has not only put patient information at risk of loss or compromise but also jeopardises access to critical patient record systems by clinicians”. | In July, the NHS regulator, the Care Quality Commission, and the national data guardian, Dame Fiona Caldicott, warned that the threat of such attacks “has not only put patient information at risk of loss or compromise but also jeopardises access to critical patient record systems by clinicians”. |
| The WannaCry attack on Friday has affected 47 NHS organisations, some of which were still experiencing problems on Monday, although the health secretary, Jeremy Hunt, said a feared second wave of attacks on the health system had not occurred. | The WannaCry attack on Friday has affected 47 NHS organisations, some of which were still experiencing problems on Monday, although the health secretary, Jeremy Hunt, said a feared second wave of attacks on the health system had not occurred. |
| Dr David Wrigley, a GP from Lancashire, who is deputy chair of the British Medical Association, was on a panel that drew up the guidelines on cybersecurity, which were provisionally accepted by the Department of Health last year. | Dr David Wrigley, a GP from Lancashire, who is deputy chair of the British Medical Association, was on a panel that drew up the guidelines on cybersecurity, which were provisionally accepted by the Department of Health last year. |
| He said there had been a failure to act on the advice. “It’s been known about for years, that the software isn’t up to date across the NHS, so it’s not unpredictable that this situation should have arisen,” he said. “But it’s disappointing that funding hasn’t been given to upgrade the system. It needs urgent action by politicians.” | He said there had been a failure to act on the advice. “It’s been known about for years, that the software isn’t up to date across the NHS, so it’s not unpredictable that this situation should have arisen,” he said. “But it’s disappointing that funding hasn’t been given to upgrade the system. It needs urgent action by politicians.” |
| He said staff in his area had been working day and night at the weekend to limit the impact but national action was required. | He said staff in his area had been working day and night at the weekend to limit the impact but national action was required. |
| “Issues around software obviously haven’t been addressed,” he said. “I don’t think it’s acceptable for politicians to say, ‘It’s all down to local NHS and management’. They have got a duty to ensure everything is up to date.” | “Issues around software obviously haven’t been addressed,” he said. “I don’t think it’s acceptable for politicians to say, ‘It’s all down to local NHS and management’. They have got a duty to ensure everything is up to date.” |
| The report said the threat “is most often introduced from denial of service attacks (attempts to make a machine or network resource unavailable to its intended users) and ransomware such as ‘cryptolocker’, but can also arise during the transition between different IT systems”. It also referred to “known weaknesses and vulnerabilities” of Windows XP – the operating system used by trusts believed to have been worst affected by Friday’s attack. | The report said the threat “is most often introduced from denial of service attacks (attempts to make a machine or network resource unavailable to its intended users) and ransomware such as ‘cryptolocker’, but can also arise during the transition between different IT systems”. It also referred to “known weaknesses and vulnerabilities” of Windows XP – the operating system used by trusts believed to have been worst affected by Friday’s attack. |
| The government revealed on Monday that thousands of NHS computers (just under 5%) were still using the old Windows XP operating system, although a No 10 spokesman said other Windows systems were also affected. | The government revealed on Monday that thousands of NHS computers (just under 5%) were still using the old Windows XP operating system, although a No 10 spokesman said other Windows systems were also affected. |
| In a statement, the office of the national data guardian said: “The need for steps to be taken to protect the health and care system against cyber-attack remains a priority for the national data guardian. Dame Fiona highlighted the importance of this in the review that she published last year, and is committed to working with others across the system to ensure that effective measures are in place, and that lessons are learned from this incident.” | In a statement, the office of the national data guardian said: “The need for steps to be taken to protect the health and care system against cyber-attack remains a priority for the national data guardian. Dame Fiona highlighted the importance of this in the review that she published last year, and is committed to working with others across the system to ensure that effective measures are in place, and that lessons are learned from this incident.” |
| Seven NHS trusts were still experiencing problems on Monday, including St Bartholomew’s hospital in London, York Teaching Hospitals NHS Trust and the University Hospital of North Midlands Trust | Seven NHS trusts were still experiencing problems on Monday, including St Bartholomew’s hospital in London, York Teaching Hospitals NHS Trust and the University Hospital of North Midlands Trust |
| York trust was “almost engulfed” by the attack, leaving some outpatient appointments cancelled on Monday, especially at Selby War Memorial hospital. | York trust was “almost engulfed” by the attack, leaving some outpatient appointments cancelled on Monday, especially at Selby War Memorial hospital. |
| Blackpool Teaching Hospitals NHS Foundation Trust, NHS Blackpool Clinical Commissioning Group (CCG) and NHS Fylde and Wyre CCG said services were open and operating “as best as possible” but asked patients only to attend A&E in life-threatening and urgent cases. | Blackpool Teaching Hospitals NHS Foundation Trust, NHS Blackpool Clinical Commissioning Group (CCG) and NHS Fylde and Wyre CCG said services were open and operating “as best as possible” but asked patients only to attend A&E in life-threatening and urgent cases. |
| Asked during a visit to Oxfordshire on Monday morning if the government had ignored warnings about the vulnerability of the NHS to cyber-attacks, Theresa May said: “No. It was clear warnings were given to hospital trusts but this is not something that focused on attacking the NHS here on the UK.” | |
| She added: “Europol say there are 200,000 victims across the world. Cybersecurity is an issue that we need to address. That’s why the government, when we came into government in 2010, put money into cybersecurity. | She added: “Europol say there are 200,000 victims across the world. Cybersecurity is an issue that we need to address. That’s why the government, when we came into government in 2010, put money into cybersecurity. |
| “It’s why we are putting £2bn into cybersecurity over the coming years and, of course, created the National Cyber Security Centre. We take cybersecurity seriously.” | “It’s why we are putting £2bn into cybersecurity over the coming years and, of course, created the National Cyber Security Centre. We take cybersecurity seriously.” |
| May’s spokesman said: “There’s been much focus on the idea that NHS systems were running this XP Windows system. Firstly, other Windows systems were affected. This was not in any way limited to XP and more broadly on that, the percentage of NHS [England] systems that were running XP fell from 15-18% in December 2015 to 4.7% now.” | |
| Hunt said it was “encouraging” that no further attacks on the NHS had been identified. | Hunt said it was “encouraging” that no further attacks on the NHS had been identified. |
| The chief executive of NHS Providers, Chris Hopson, said it was important not to engage in “NHS bashing”. | The chief executive of NHS Providers, Chris Hopson, said it was important not to engage in “NHS bashing”. |
| “The quick rush by some to lay the blame on ‘incompetent NHS managers’ is disappointing,” he said. “It feels like the usual NHS bashing and is unsupported by evidence. This unfortunate blame game may in part be down to the fact that we are in the middle of a general election campaign.” | “The quick rush by some to lay the blame on ‘incompetent NHS managers’ is disappointing,” he said. “It feels like the usual NHS bashing and is unsupported by evidence. This unfortunate blame game may in part be down to the fact that we are in the middle of a general election campaign.” |