'Alarming' lack of cyber security skills in the NHS raises hacking fears

The WannaCry cyber attack compromised NHS computers in May 2017 - AP

A quarter of NHS trusts in England and Wales have failed to give staff specialist cyber security training, despite the devastating WannaCry cyber attack that crippled hospital computers last year.

On average, trusts have just one member of staff with professional security credentials per 2,628 employees, according to Freedom of Information requests by security company Redscan.

Some large trusts, with up to 16,000 total employees, do not have any formally qualified security professionals, the research found. 

“Individual trusts are lacking in-house cyber security talent and many are falling short of training targets,” said Mark Nicholls, director of cyber security at Redscan.

“The extent of the discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”

Redscan submitted Freedom of Information requests to more than 200 trusts for the period between August 2017 and August 2018.

Spending by the organisations varied significantly, with trusts of between 3,000 and 4,000 staff spending between £500 and £33,000 on cyber security training. One hundred and eight trusts responded to Redscan's requests.

The report comes after a May 2017 global cyber attack knocked out thousands of NHS computers with ransomware that shut down the PCs and demanded payments in the cryptocurrency Bitcoin.

The "WannaCry" cyber attack, originating from North Korean hackers, spread through global computers but proved particularly damaging to the NHS.

Some 19,000 appointments were cancelled between 12 May and 19 May. The attack cost the NHS £92m in handling the immediate aftermath and in clean-up costs.

At the time, some trusts were criticised for using outdated software, such as the 17-year-old Windows XP operating system that is vulnerable to hacking. 

Mr Nicholls said: “These findings shine a light on the cyber security failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances.”

Nicholls added that competing against private sector offerings for jobs could be pricing the NHS out of the best security experts.

Experts believe the NHS is a high-profile target for hackers because medical records on their databases can be worth ten times more than credit card numbers when sold on the deep web. 

Fraudsters often buy them to create fake IDs so they can get hold of drugs and medical equipment. They can also use the details to place false insurance claims on behalf of patients or to blackmail victims. 

The government has promised £150m to modernise the NHS computer systems and cyber security.
