Following a massive ransomware attack last week, outdated NHS systems will be replaced by March 2018
30 January 2018
Following a massive ransomware attack last week, Health Secretary Jeremy Hunt has pledged to upgrade NHS systems within ten months.
The fact that NHS institutions were the worst victims of the WannaCry ransomware attack on Friday didn't come as a surprise to many security experts. NHS hospitals and trusts have been known to be victimised by hackers in the recent past mainly due to 'widespread' use of unsupported Windows XP operating system. In 2015, nearly half of NHS trusts in England were hit by ransomware, according to data obtained by NCC Group via a freedom of information request.
However, Hunt says that major progress has been made so far and that he aims to eliminate use of Windows XP in NHS institutions by the end of March next year.
“Just 18 months ago nearly 20 per cent of our NHS devices were running on XP – that’s been reduced to 4.7 per cent, so real effort has been made,” he said, three full days after the cyber-attack and accusations on him 'hiding from the public.' “According to our latest intelligence, we have not seen a second wave of attacks. And the level of criminal activity is at the lower end of the range that we had anticipated and so I think that is encouraging,” he added.
“While many authorities now only use a small number of devices that run Windows XP, the transition to a newer operating system needs to happen as a matter of urgency," said Citrix director of sales for the UK and Ireland Jon Cook.
“With the health sector accounting for the most data security breaches across all public sector departments, it is critical that up-to-date and secure software is in place to safeguard patient data against cyber attackers,” he added.
Security researches had warned the impact of WannaCry ransomware could escalate after the hospitals re-opened.
“It’s likely that successful attacks that haven’t yet become apparent will become apparent. And also existing known infections can spread, we can’t say what scale the new cases will occur at but it’s likely there will be some,” said Ciaran Martin, chief executive of the National Cyber Security Centre to the Press Association.
According to a report from Business Reporter, “approximately 70 per cent of (NHS) Trusts said they had limited training programmes if any in place to safeguard organisational information, including patient records, for staff using personal devices.
“Another factor is that NHS trusts (and the NHS itself) are complex organisations that involves many disparate entities that communicate using different (or absent) security protocols – which gives hackers plenty of opportunity,” the report added.
This article was published in our Business Reporter Online: Cyber Security.