Government’s lack of action on WannaCry is ‘alarming’ – PAC

Written by Sam Trendall on 18 April 2018 in News
News

Report from MPs says that, a year on from the cyberattack, government and the NHS must now take action

Almost a year on from WannaCry, the Public Accounts Committee has expressed is alarm at how little action has been taken “to improve cybersecurity for when, and not if, there is another attack”.

In February, NHS England and the Department of Health and Social Care published a review of the lessons that have been learned from the WannaCry attack. A PAC report published today expressed concern that, more than 11 months after the ransomware assault, these lessons have yet to translate into the necessary implementation initiatives. 

MPs have instructed the department and the wider NHS to formalise an action plan and report back to the committee by the end of June.

PAC said: “The department and its national bodies should urgently consider and agree implementation plans arising from the recommendations within their Lessons Learned… document, prioritising and costing actions, setting a clear timetable, and ensuring national and local roles, responsibilities, and oversight arrangements are clear.”

MPs added that the plans should include details of likely financial cost, and must make clear what NHS bodies at both a national and local level should do during a cyberattack – including setting out arrangements for various communications channels if email, for example, is compromised. Central government should also support local NHS entities in rolling out cybersecurity improvements, the committee said.


Related content


This help should include a clear plan for “how local systems can be updated whilst minimising disruption to services, and [providing] guidance and support to do this”. All suppliers of IT and medical technology should also hold some form of cybersecurity accreditation, MPs said, while NHS staffing plans at both a local and national level ought to “include a focus on IT and cyber skills”.

In implementing these recommendations, the department is encouraged to work closely with the Cabinet Office and the wider civil service, as well as the National Cyber Security Centre.

PAC chair Meg Hillier said: “The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cybersecurity and response plans of the NHS. But the impact on patients and the service more generally could have been far worse, and government must waste no time in preparing for future cyberattacks—something it admits are now a fact of life. It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.”

A spokesperson for the Department of Health and Social Care said: “Every part of the NHS must be clear that it has learned the lessons of Wannacry. The health service has improved its cybersecurity since the attack, but there is more work to do to protect data and patient care.

“We have supported that work by investing over £60m to address key cybersecurity weaknesses – and plan to spend a further £150m over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents.”

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

AI fought the law?
4 October 2019

The relationship between artificial intelligence and the law is receiving ever greater focus – while somehow becoming less clear. PublicTechnology looks at the role that regulators and...

The greatest glitch in government
8 November 2019

In 2017, the NHS was the most high-profile victim of an international cyberattack. With the imminent phasing-out of support for Windows 7, Guinevere Poncia asks how government institutions are...

Related Sponsored Articles

Case Study: Cryptocurrency, connectivity and the cloud
12 November 2019

BT presents findings from cryptocurrency firm Gemini on how they're providing customers with direct connectivity thanks to the Radianz network

How do changing user expectations shape our approach to security?
29 October 2019

BT interviews Chris Roberts from Cisco to discuss the impact of our fast-paced culture on an enterprise’s network security measure

"Cyber crime is big business": Cyber awareness month
22 October 2019

As part of October’s Cyber Security Awareness Month, BT is sharing their top tips on how keep information secure for both you and your organisation