5 February 2018
BCS, The Chartered Institute for IT has welcomed publication of the ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’, which contains a number of recommendations aimed at strengthening the resilience and preparedness of the health and social care system against future cyber-attacks.
The report highlights a number of key roles and responsibilities for various players across the health and care system, which, once in place, will move towards a robust and effective approach to defending our health and care system against future cyber-attacks. This mirrors the themes set out in the BCS Blueprint for Cyber Security in Health and Care which it issued in conjunction with the likes of the Patients Association, Royal College of Nursing, BT and others last June in the wake of the attack.
David Evans, Director of Policy, says: “The report underscores the importance of the people with critical roles in protecting the NHS. The only way the public can be assured the NHS is properly protected from cyber threats is by having a trustworthy professional community in place. That community needs to not only take responsibility for protecting the public, but for doing so cost-effectively. A failure to invest effectively in protection puts us all at risk, but a pound spent on cyber security more than is needed is a pound that could be spent elsewhere. This is a huge responsibility, and the profession needs to convene and step up.
“We are pleased to see that the report accepted one of our recommendations which called for the development of a professional community network for cyber and information security across the health and social care system. We look forward to working to deliver that alongside NHS Digital, Health Education England and the NHS Digital Academy.
“We are also pleased to see that the report acknowledges our call that as well as making provision to develop current and future health care digital leaders and drive professionalism, it also takes up our recommendation that NHS Boards are fully trained and equipped to understand and respond to future cyber-attacks.
“Ultimately, the first duty of our health and care system is to the public, our communities and loved ones. In the wake of the WannaCry attack and its devastating effect on large parts of the NHS, they need to know that their health providers’ computer systems are as reliable as the doctors and nurses that make our NHS the envy of the world. Whilst, as the report acknowledges, future cyber-attacks are an inevitability, this ‘lessons learned’ report must be funded and acted upon. We must never again expect our NHS to be unprepared, as it was on 12 May 2017, and until these recommendations are accepted and implemented, that situation continues.”
The Blueprint outlines a roadmap with steps that NHS trusts should take to avoid another crippling cyber-attack. Top of the list is ensuring there are clearly laid out standards for accrediting relevant IT professionals. NHS boards are being urged to ensure they understand their responsibilities, and how to make use of registered cyber security experts. The number of properly qualified and registered IT professionals also needs to be increased.