Government’s lack of action on WannaCry is ‘alarming’ – PAC

Written by Sam Trendall on 18 April 2018 in News
News

Report from MPs says that, a year on from the cyberattack, government and the NHS must now take action

Almost a year on from WannaCry, the Public Accounts Committee has expressed is alarm at how little action has been taken “to improve cybersecurity for when, and not if, there is another attack”.

In February, NHS England and the Department of Health and Social Care published a review of the lessons that have been learned from the WannaCry attack. A PAC report published today expressed concern that, more than 11 months after the ransomware assault, these lessons have yet to translate into the necessary implementation initiatives. 

MPs have instructed the department and the wider NHS to formalise an action plan and report back to the committee by the end of June.

PAC said: “The department and its national bodies should urgently consider and agree implementation plans arising from the recommendations within their Lessons Learned… document, prioritising and costing actions, setting a clear timetable, and ensuring national and local roles, responsibilities, and oversight arrangements are clear.”

MPs added that the plans should include details of likely financial cost, and must make clear what NHS bodies at both a national and local level should do during a cyberattack – including setting out arrangements for various communications channels if email, for example, is compromised. Central government should also support local NHS entities in rolling out cybersecurity improvements, the committee said.


Related content


This help should include a clear plan for “how local systems can be updated whilst minimising disruption to services, and [providing] guidance and support to do this”. All suppliers of IT and medical technology should also hold some form of cybersecurity accreditation, MPs said, while NHS staffing plans at both a local and national level ought to “include a focus on IT and cyber skills”.

In implementing these recommendations, the department is encouraged to work closely with the Cabinet Office and the wider civil service, as well as the National Cyber Security Centre.

PAC chair Meg Hillier said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cybersecurity and response plans of the NHS. But the impact on patients and the service more generally could have been far worse, and government must waste no time in preparing for future cyberattacks—something it admits are now a fact of life. It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”

A spokesperson for the Department of Health and Social Care said: “Every part of the NHS must be clear that it has learned the lessons of Wannacry. The health service has improved its cybersecurity since the attack, but there is more work to do to protect data and patient care.

“We have supported that work by investing over £60m to address key cybersecurity weaknesses – and plan to spend a further £150m over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents.”

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Related Sponsored Articles

Augmented Intelligence: digital transformation with humans in the loop
20 August 2019

BT reviews an event looking at how man and machine are working together to drive digital transformation

Why you need to understand your application landscape before you transform your network
13 August 2019

Migrating to the cloud or moving to a future network can be a risky business. BT explains how managing applications is important for end user experience, productivity and for understanding and...

Build the network your business needs to thrive
6 August 2019

BT presents a new eGuide, looking at how to build infrastructure able to support growth both now and into the future 

Trends to Watch: Network Services
30 July 2019

BT spoke with Ovum's Brian Washburn about the network trends taking place in 2019, covering SD-WAN, NFV, hybrid networking and cloud connectivity services