Government’s lack of action on WannaCry is ‘alarming’ – PAC

Written by Sam Trendall on 18 April 2018 in News
News

Report from MPs says that, a year on from the cyberattack, government and the NHS must now take action

Almost a year on from WannaCry, the Public Accounts Committee has expressed is alarm at how little action has been taken “to improve cybersecurity for when, and not if, there is another attack”.

In February, NHS England and the Department of Health and Social Care published a review of the lessons that have been learned from the WannaCry attack. A PAC report published today expressed concern that, more than 11 months after the ransomware assault, these lessons have yet to translate into the necessary implementation initiatives. 

MPs have instructed the department and the wider NHS to formalise an action plan and report back to the committee by the end of June.

PAC said: “The department and its national bodies should urgently consider and agree implementation plans arising from the recommendations within their Lessons Learned… document, prioritising and costing actions, setting a clear timetable, and ensuring national and local roles, responsibilities, and oversight arrangements are clear.”

MPs added that the plans should include details of likely financial cost, and must make clear what NHS bodies at both a national and local level should do during a cyberattack – including setting out arrangements for various communications channels if email, for example, is compromised. Central government should also support local NHS entities in rolling out cybersecurity improvements, the committee said.


Related content


This help should include a clear plan for “how local systems can be updated whilst minimising disruption to services, and [providing] guidance and support to do this”. All suppliers of IT and medical technology should also hold some form of cybersecurity accreditation, MPs said, while NHS staffing plans at both a local and national level ought to “include a focus on IT and cyber skills”.

In implementing these recommendations, the department is encouraged to work closely with the Cabinet Office and the wider civil service, as well as the National Cyber Security Centre.

PAC chair Meg Hillier said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cybersecurity and response plans of the NHS. But the impact on patients and the service more generally could have been far worse, and government must waste no time in preparing for future cyberattacks—something it admits are now a fact of life. It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”

A spokesperson for the Department of Health and Social Care said: “Every part of the NHS must be clear that it has learned the lessons of Wannacry. The health service has improved its cybersecurity since the attack, but there is more work to do to protect data and patient care.

“We have supported that work by investing over £60m to address key cybersecurity weaknesses – and plan to spend a further £150m over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents.”

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Analyse and apologise – the six golden rules of social media in the public sector
25 July 2018

A range of organisations from across the public sector share their thoughts and experiences on commuters, creativity, and the pros and cons of ‘Manc humour’

GDS working with departments to mitigate reported leak of sensitive data
23 July 2018

Report reveals that information has been made publicly available online via an information-sharing tool widely used by government developers

Related Sponsored Articles

Don’t Gamble with your password resets!
20 June 2018

The cautionary tale of the Leicestershire teenager who hacked high-ranking officials of NATO allies shows the need for improved password security

Intelligent Connectivity: Boosting Flexibility and Control
13 August 2018

At BT, we realise that digital technology is changing the way we all do business. Make smart decisions with intelligent connectivity.

BT: Intelligent Connectivity is where it all begins. Smarter decisions are the end result
7 August 2018

At BT, we realise that digital technology is changing the way we all do business. Make smart decisions with intelligent connectivity.

Building nation-level defences to fight cyber crime
30 July 2018

BT's Mark Hughes argues that nation states should act now to put in place cyber defences to protect themselves from the most advanced threats ever seen.