show image

The NHS is still not prepared for another major cyber attack, PAC warns

The government has come under fire for failing to sufficiently improve the NHS’s cyber security provision following the WannaCry attack that forced doctors to cancel thousands of appointments and operations last May.

In a damning report published on Tuesday, the Public Accounts Committee warned that NHS bodies and the Department for Health and Social Care still have significant work to do to improve security.

The department, in collaboration with the NHS, published 22 recommendations in February for boosting the health service’s cyber security, but the government does not know how much they will cost or when they will be implemented.

Meg Hillier, the chair of the PAC, said in a statement: “Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS.”

She added: “Cyber security investment cannot be properly targeted unless this information is collected and understood. There is much important work to do and we urge the Department to provide us with an update by the end of June.”

The National Audit Office reported in October that was WannaCry a “relatively unsophisticated” strike and had led to the cancellation of an estimated 19,500 appointments and operations across 81 trusts in England.