Cookie policy: This site uses cookies (small files stored on your computer) to simplify and improve your experience of this website. Cookies are small text files stored on the device you are using to access this website. For more information please take a look at our terms and conditions. Some parts of the site may not work properly if you choose not to accept cookies.

Join

Subscribe or Register

Existing user? Login

Cyber attack

NHS Digital admits it did not communicate effectively during cyber attack

The WannaCry attack affected many NHS organisations in England, and some organisations completely shut down their IT systems as a precautionary measure.

hacker and computer

Source: Shutterstock.com

The WannaCry attack affected many NHS organisations in England, and some organisations completely shut down their IT systems as a precautionary measure

Security operations lead for data security at NHS Digital said that the organisation “got it wrong” when communicating the details of the WannaCry cyber attack earlier this year.

The WannaCry attack, on 12 May, affected many NHS organisations in England, many of whom were unable to access their IT systems, and some completely shut down their IT systems as a precautionary measure.

Speaking on a panel at the UK Health Show on 27 September 2017, Chris Flynn said four hours had passed after receiving the first reports of the attack before NHS Digital issued a statement. As a result, a number of local organisations unnecessarily shut down vital communication connections meaning that they did not receive important information about what to do next.

“We did not communicate as well as we could have done and some of the methods used by trusts to protect themselves as a result didn’t help,” said Flynn.

“Over the course of the weekend, we issued around 12 pieces of information but there were pockets of the population who did not receive any of it because they had drawn up a drawbridge.

“We needed to get ahead of the curve but there was a vacuum of information for [a number of] hours,” he added.

Also on the panel were Tracey Scotter, former director of ICT and Andy Vernon, current director of ICT from Sheffield Teaching Hospitals NHS Foundation Trust. Scotter explained that one of the key barriers during the attack was not having a thorough understanding of the IT landscape and that a key learning was that organisations educate themselves now, so that they are prepared.

“It was a bit like operating in a void, we were under intense pressure to answer lots of questions — we got answers from the BBC website in the end.

“You can never do enough prep but doing as much as you can is important,” she added.

Vernon, however, said that instead of being critical it was important that organisations learnt from these events and built good working relationships.

“We just need to move forward to get to a position where we learn how to collaborate and share information,” he said.

“We are one system trying to defend ourselves against quite a difficult set of threats so we need to find ways to share information and expertise.”

He added that it was also necessary to find channels of communication independent of the core networks to ensure that NHS colleagues could still contact one another in the event of an attack.

Flynn said that the cyber attack had put cyber security on the national agenda at a senior level but emphasised that it was everyone’s responsibility. “Not taking corporate devices and connecting to an insecure network — this is one thing people do without thinking.

“We need to make sure that people are fundamentally aware of cyber security,” he said.

It is believed that some 16 NHS organisations were affected by the cyber attack including pharmacies.

Citation: The Pharmaceutical Journal DOI: 10.1211/PJ.2017.20203642

Have your say

For commenting, please login or register as a user and agree to our Community Guidelines. You will be re-directed back to this page where you will have the ability to comment.

Recommended from Pharmaceutical Press

Search an extensive range of the world’s most trusted resources

Powered by MedicinesComplete
  • Print
  • Share
  • Comment
  • Save
  • Print Friendly Version of this pagePrint Get a PDF version of this webpagePDF

Supplementary images

  • hacker and computer

Newsletter Sign-up

Want to keep up with the latest news, comment and CPD articles in pharmacy and science? Subscribe to our free alerts.