A lack of accountability and investment in cyber security measures has been blamed for the recent Wannacry virus that hit NHS IT systems last month, a report released today by The Chartered Institute for IT has found.
The report comes following a similar, but more limited attack that hit UK-based companies this week.
Whilst doing the best with the limited resources available, the report suggests some hospital IT teams lacked access to trained, registered and accountable cyber security professionals with the power to assure hospital Boards that computer systems were fit for purpose.
The healthcare sector has struggled to keep pace with cyber security best practice and with a systemic lack of investment, ultimately, the Wannacry attack was an, ‘inevitability’, David Evans, Director of Community & Policy at The Chartered Institute for IT says.
Mr Evans continued: “Patients should be able to trust that hospital computer systems are as solid as the first-class doctors and nurses that make our NHS the envy of the world.
“Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the Wannacry ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future.”
The Chartered Institute of IT has joined forces with the Patient’s Association, the Royal College of Nursing, BT and Microsoft to produce a blueprint that outlines steps NHS trusts should take to avoid another crippling cyber attack. Top of the list is ensuring there are clearly laid out standards for accrediting relevant IT professionals. NHS board are being urged to ensure they understand their responsibilities, and how to make use of registered cyber security experts. And the number of properly qualified and registered IT professionals needs to be increased.
Almost 50 NHS Trusts were hit last month by the Wannacry cyber attack. It meant computers were encrypted and unusable in many areas of the health service, with hackers threatening that valuable files would be lost forever unless a ransom was paid. It led to operations and appointments being cancelled, and patients were still being diverted from accident and emergency departments six days later.
About BCS
BCS, The Chartered Institute for IT is here to make IT good for society. We promote wider social and economic progress through the advancement of information technology science and practice. We bring together industry, academics, practitioners and government to share knowledge, promote new thinking, inform the design of new curricula, shape public policy and inform the public.
Our 73,000 strong membership includes practitioners, businesses, academics and students in the UK and internationally. We deliver a range of professional development tools for practitioners and employees. A leading IT qualification body, we offer a range of widely recognised qualifications.
BCS The Chartered Institute for IT First Floor Block D North Star House North Star Avenue Swindon SN2 1FA. BCS, The Chartered Institute for IT is the business name of The British Computer Society (Registered charity no. 292786) 2017
