This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.
You can find the current article at its original source at https://www.theguardian.com/technology/2018/feb/05/every-nhs-trust-tested-for-cyber-security-has-failed-officials-admit
The article has changed 6 times. There is an RSS feed of changes available.
| Version 4 | Version 5 |
|---|---|
| Every NHS trust tested for cybersecurity has failed, officials admit | Every NHS trust tested for cybersecurity has failed, officials admit |
| (13 days later) | |
| Every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required, civil servants have said for the first time. | Every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required, civil servants have said for the first time. |
| In a parliamentary hearing on the WannaCry attack which disrupted parts of the NHS last year, Department of Health (DoH) officials said all 200 trusts had failed, despite increases in security provision. | In a parliamentary hearing on the WannaCry attack which disrupted parts of the NHS last year, Department of Health (DoH) officials said all 200 trusts had failed, despite increases in security provision. |
| The WannaCry attack that began on 12 May is believed to have infected machines at 81 health trusts – nearly a third of the 236 NHS trusts in England - plus computers at almost 600 GP surgeries, according to a National Audit Office (NAO) report released in October. | The WannaCry attack that began on 12 May is believed to have infected machines at 81 health trusts – nearly a third of the 236 NHS trusts in England - plus computers at almost 600 GP surgeries, according to a National Audit Office (NAO) report released in October. |
| The National Cyber Security Centre [NCSC] has said it was “highly likely” the attack was carried out by a North Korea cyber organisation known as the Lazarus Group. | The National Cyber Security Centre [NCSC] has said it was “highly likely” the attack was carried out by a North Korea cyber organisation known as the Lazarus Group. |
| Rob Shaw, the NHS Digital deputy chief executive Rob Shaw said trusts were still failing to meet cyber security standards, admitting some have a “considerable amount” of work to do. | Rob Shaw, the NHS Digital deputy chief executive Rob Shaw said trusts were still failing to meet cyber security standards, admitting some have a “considerable amount” of work to do. |
| Appearing before the Commons’ public accounts committee, he said the department had completed 200 on-site assessments but none had matched the “high bar” set out by the national data guardian, Dame Fiona Caldicott. | Appearing before the Commons’ public accounts committee, he said the department had completed 200 on-site assessments but none had matched the “high bar” set out by the national data guardian, Dame Fiona Caldicott. |
| “The amount of effort it takes from NHS Providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So some of them have failed purely on patching which is what the vulnerability was around WannaCry,” he said. | “The amount of effort it takes from NHS Providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott’s report, is quite a high bar. So some of them have failed purely on patching which is what the vulnerability was around WannaCry,” he said. |
| The NAO said the DoH was unable to give a cost for the impact of the outbreak and the full extent of the damage may never be known. | The NAO said the DoH was unable to give a cost for the impact of the outbreak and the full extent of the damage may never be known. |
| WannaCry was a type of malware known as a ransomware worm, capable of travelling from machine to machine directly, infecting new computers across corporate networks. | WannaCry was a type of malware known as a ransomware worm, capable of travelling from machine to machine directly, infecting new computers across corporate networks. |
| When it managed to infect a new machine, it first silently worked in the background to infiltrate itself within the operating system, then restarted the computer and began the process of encrypting the hard drive, rendering it impossible to read without the encryption key. Victims were offered the chance to buy the key for $300 (£214). | When it managed to infect a new machine, it first silently worked in the background to infiltrate itself within the operating system, then restarted the computer and began the process of encrypting the hard drive, rendering it impossible to read without the encryption key. Victims were offered the chance to buy the key for $300 (£214). |
| The NCSC did not release its findings, but other security researchers came to the same conclusion based on elements in the code of the program that were similar to known North Korean malware. | The NCSC did not release its findings, but other security researchers came to the same conclusion based on elements in the code of the program that were similar to known North Korean malware. |
| Simon Stevens, the chief executive of NHS England, told the meeting: “A whole bunch of things need to change.” | Simon Stevens, the chief executive of NHS England, told the meeting: “A whole bunch of things need to change.” |
| Data and computer security | Data and computer security |
| Malware | Malware |
| NHS | NHS |
| Health | Health |
| Hospitals | Hospitals |
| news | news |
| Share on Facebook | Share on Facebook |
| Share on Twitter | Share on Twitter |
| Share via Email | Share via Email |
| Share on LinkedIn | Share on LinkedIn |
| Share on Pinterest | Share on Pinterest |
| Share on Google+ | Share on Google+ |
| Share on WhatsApp | Share on WhatsApp |
| Share on Messenger | Share on Messenger |
| Reuse this content | Reuse this content |