A Cecile Park Media Publication | March 2018
NHS: The lessons learned from WannaCry
On 1 February 2018 the Department of Health and Social Care (‘DHSC’) published its independent
report entitled ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’ (the ‘Report’).
The stated aims of the Report were to analyse the lessons learned, assess the actions taken to date
and to make clear recommendations on what further measures are required to ensure the entire
health and social care system is as robust as it can be in reducing the risk and impact of a future cyber
attack. Dan Hyde, Partner at Penningtons Manches, in this article examines the Report, providing
insight into the background and context of the attack before assessing the Report’s findings.
The background
On Friday 12 May 2017 we witnessed a
global ransomware attack now known
as WannaCry. The attack was random
and whilst one of the major victims was
the NHS it was not a specific target.
The cyber attack affected some 100
countries and in excess of 200,000
computers. The exact numbers and the
cost to the NHS will never be known
as, despite investigation by the DHSC
and an earlier report by the National
Audit Office, we are informed that
the cost is not calculable as much of
the relevant data was lost and is not
retrievable. That, of itself, does not
cast the NHS’s cyber security breach
response plan in a positive light.
The infection by the WannaCry
ransomware was entirely avoidable. The
ransomware attack was spread via the
internet and affected the NHS which was
exposed due to its unpatched Windows
systems. This exposure would not have
been fatal had effective firewalls been
in place to repel the threat, but because
firewalls had not been maintained even
this basic defence shield was missing.
Every single NHS organisation that was
infected by WannaCry had unpatched
or unsupported Windows operating
systems that enabled virus infection.
Significantly, in March 2017 Microsoft
had issued updates that NHS Trusts
using Windows 7 could have adopted
to protect themselves. Further, on 17
March 2017, NHS Digital had issued a
CareCERT briefing asking NHS Trusts
to apply the Microsoft update. If the
DHSC’s figures are to be relied upon,
more than 90% of the devices in the
NHS are operating on Windows 7, so
90% of those devices would have been
protected if they had been patched in
line with the NHS Digital request. Trusts
running older Windows XP operating
systems on devices had been expressly
notified that they were to migrate away
from their use, yet when the attack
came on 12 May 2017, approximately
5% of the NHS was still reliant on an
outdated Windows XP operating system.
Windows XP can however be patched
and following the attack, Microsoft
issued an update for XP that would have
prevented the ransomware infection.
In the lead-up to the attack the NHS
had a culture of woeful cyber security
non-compliance; at 12 May 2017 only
88 out of 236 Trusts had been subject
to a cyber security inspection by NHS
Digital. Of the 88 inspected not a single
Trust passed. The inspections were
voluntary and CareCERTs requesting
updates and other basic cyber security
measures were treated as being
voluntary and largely ignored. The NHS
Trusts were silos and the DHSC had no
knowledge as to which had complied
with the requests. The DHSC was itself
unprepared; it was warned a year before
the attack that it was at risk, yet did not
provide any written report in response
until two months after the attack, in July.
Unsurprisingly the NHS had a woefully
inadequate breach response plan as
well, which arguably wasn’t a plan at all
but rather an unpractised and ineffective
hypothetical policy that none of the key
personnel were sufficiently familiar with.
CYBER SECURITY
Dan Hyde, Partner
dan.hyde@penningtons.co.uk
Penningtons Manches LLP, London
DIGITAL HEALTH LEGAL
The recovery was aided by a cyber
security researcher who activated a kill
switch; his action prevented WannaCry
locking out further systems and devices.
That was by luck or intuition rather than
design, as it was not in pursuit of any
implemented national cyber security
policy. NHS England’s IT department
did not even have emergency facilities
in place so that there was a reliance
on IT staff attending work voluntarily to
assist in firefighting. The National Cyber
Security Centre and National Crime
Agency also pitched in, assisting the NHS
and other affected organisations - it is
unclear just how much worse the lines of
communication and impact might have
been but for that external assistance.
The lessons learned
In its foreword, the DHSC claims: “The
NHS responded well to what was
an unprecedented incident, with no
reports of harm to patients or of patient
data being compromised or stolen.”
This positive and debatable assertion
is then tempered by the recognition
that the incident highlighted areas for
improvement both within local NHS
organisations and across the NHS as
a whole and that “since the attack,
urgent action has been taken to tackle
these challenges.” So - what has been
learned and what action is being taken?
The recommendations are detailed
and far more thorough than measures
previously identified. They include
significant capital investment in cyber
security and call for improvements in
incident response, resilience, leadership
and overall preparedness. A Cyber
Handbook has been produced, setting
out the approach and actions in the
event of a cyber attack; significantly,
the DHSC will take the lead, with NHS
England responsible for coordinating
the system response. Another important
development is that the CareCERT Collect
Portal, an online self-service platform,
has been launched by NHS Digital to
encourage a proactive approach to
cyber resilience, and plans are afoot
to ensure care providers sign up to the
Portal and apply critical high impact
CareCERTs. This, if implemented, would
go some way to patch up vulnerabilities,
but it must be enforced and not left
to the care providers. In summary:
• Incident management is to be changed
with the new approach set out in
the Cyber Handbook. This seeks to
establish the roles and responsibilities
of the plethora of organisations that
must coordinate their approach to
an attack on the NHS. The Report
recognises the need for cyber
drills and recommends an annual
national cyber rehearsal, together
with regular local cyber incident
tests. If implemented in a way that
mimics the communication blackout
and impact of a cyber incident, this
will be a huge stride forward. The
danger is if the rehearsals are not
an accurate recreation and lead to
complacency. It is arguably better
not to have a response plan at all
than one that doesn’t function under
the stress of an actual incident.
• Communication is to be more
coordinated. The incident room
should ensure communication
channels are clear and well
managed, with consistent selection
of the organisations called upon for
assistance; this would avoid assistance
providers responding with the same
information to multiple requests. The
heavy reliance on email should be
addressed so that social media and
other alternative communications
platforms are available when email
is taken down in a cyber attack.
Continued testing of these alternatives
will be crucial to ensure there is
functional communication support.
• Data collection will be improved via
an established set of standard data
requests by NHS England in the
event of attack. This should improve
the completeness of data to support
incident management and reduce
the burden of data collection when
the attack is still live. Traditional
paper-based processes will also be
implemented where the incident
management system is affected. Paper,
it seems, has a place in cyber defence.
• Resources must be available and
include cyber accredited support.
NHS Digital’s contact centre must
be sufficiently staffed and develop
its emergency on-call expertise to
ensure the right people are available
to make key decisions and provide
support. It is remarkable this was not
already in place. Many of the NHS
personnel dealing with WannaCry
had no relevant experience of a cyber
attack, there was a lack of IT staff and
those that did help were often doing
so on a voluntary firefighting basis.
IT support teams are to be cyber
accredited and include cyber support
units with a developed and tested
emergency response capability.
So will these recommendations be
effective? One concern is that the
disjointed structure of the NHS gives
little cause for hope. The DHSC has
overall responsibility for cyber security,
but this is delegated down to a myriad
of Trusts, GP practices and social care
providers. History tells us that these
NHS organisations do not all march
in step and have previously failed to
heed security warnings or requests.
That said, these recommendations
are detailed and thorough; proper
implementation will be key to their
success. My own view is that there
needs to be a compulsory scheme of
regulation and a compliance regime with
sharp teeth. There should be routine
checks and sanctions for those who fail
to adhere to CareCERTs or requests. The
Report certainly reads well, but words
are not enough; deeds and significant
capital are required to implement these
recommendations. Will this happen?
Do not be in doubt, another major
cyber attack will strike the NHS - and
when it does we will have our answer.
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

The lessons learned from WannaCry.

DIGITAL HEALTH LEGAL
A Cecile Park Media Publication | March 2018
CYBER SECURITY

NHS: The lessons learned from WannaCry

Dan Hyde, Partner
dan.hyde@penningtons.co.uk
Penningtons Manches LLP, London

On 1 February 2018 the Department of Health and Social Care (‘DHSC’) published its independent report entitled ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’ (the ‘Report’). The stated aims of the Report were to analyse the lessons learned, assess the actions taken to date and to make clear recommendations on what further measures are required to ensure the entire health and social care system is as robust as it can be in reducing the risk and impact of a future cyber attack. Dan Hyde, Partner at Penningtons Manches, in this article examines the Report, providing insight into the background and context of the attack before assessing the Report’s findings.

The background

On Friday 12 May 2017 we witnessed a global ransomware attack now known as WannaCry. The attack was random and whilst one of the major victims was the NHS it was not a specific target. The cyber attack affected some 100 countries and in excess of 200,000 computers. The exact numbers and the cost to the NHS will never be known as, despite investigation by the DHSC and an earlier report by the National Audit Office, we are informed that the cost is not calculable as much of the relevant data was lost and is not retrievable. That, of itself, does not cast the NHS’s cyber security breach response plan in a positive light.

The infection by the WannaCry ransomware was entirely avoidable. The ransomware attack was spread via the internet and affected the NHS which was exposed due to its unpatched Windows systems. This exposure would not have been fatal had effective firewalls been in place to repel the threat, but because firewalls had not been maintained even this basic defence shield was missing. Every single NHS organisation that was infected by WannaCry had unpatched or unsupported Windows operating systems that enabled virus infection.

Significantly, in March 2017 Microsoft had issued updates that NHS Trusts using Windows 7 could have adopted to protect themselves. Further, on 17 March 2017, NHS Digital had issued a CareCERT briefing asking NHS Trusts to apply the Microsoft update. If the DHSC’s figures are to be relied upon, more than 90% of the devices in the NHS are operating on Windows 7, so 90% of those devices would have been protected if they had been patched in line with the NHS Digital request. Trusts running older Windows XP operating systems on devices had been expressly notified that they were to migrate away from their use, yet when the attack came on 12 May 2017, approximately 5% of the NHS was still reliant on an outdated Windows XP operating system. Windows XP can however be patched and following the attack, Microsoft issued an update for XP that would have prevented the ransomware infection.

In the lead up to the attack the NHS had a culture of woeful cyber security non-compliance; at 12 May 2017 only 88 out of 236 Trusts had been subject to a cyber security inspection by NHS Digital. Of the 88 inspected not a single Trust passed. The inspections were voluntary and CareCERTs requesting updates and other basic cyber security measures were treated as being voluntary and largely ignored. The NHS Trusts were silos and the DHSC had no knowledge as to which had complied with the requests. The DHSC was itself unprepared; it was warned a year before the attack that it was at risk, yet did not provide any written report in response until two months after the attack, in July. Unsurprisingly the NHS had a woefully inadequate breach response plan as well, which arguably wasn’t a plan at all but rather an unpractised and ineffective hypothetical policy that none of the key personnel were sufficiently familiar with.

The recovery was aided by a cyber security researcher who activated a kill switch; his action prevented WannaCry locking out further systems and devices. That was by luck or intuition rather than design, as it was not in pursuit of any implemented national cyber security policy. NHS England’s IT department did not even have emergency facilities in place so that there was a reliance on IT staff attending work voluntarily to assist in firefighting. The National Cyber Security Centre and National Crime Agency also pitched in, assisting the NHS and other affected organisations - it is unclear just how much worse the lines of communication and impact might have been but for that external assistance.

The lessons learned

In its foreword, the DHSC claims: “The NHS responded well to what was an unprecedented incident, with no reports of harm to patients or of patient data being compromised or stolen.” This positive and debatable assertion is then tempered by the recognition that the incident highlighted areas for improvement both within local NHS organisations and across the NHS as a whole and that “since the attack, urgent action has been taken to tackle these challenges.”

So - what has been learned and what action is being taken? The recommendations are detailed and far more thorough than measures previously identified. They include significant capital investment in cyber security and call for improvements in incident response, resilience, leadership and overall preparedness. A Cyber Handbook has been produced, setting out the approach and actions in the event of a cyber attack; significantly, the DHSC will take the lead, with NHS England responsible for coordinating the system response. Another important development is that the CareCert Collect Portal, an online self-service platform, has been launched by NHS Digital to encourage a proactive approach to cyber resilience, and plans are afoot to ensure care providers sign up to the Portal and apply critical high impact CareCERTs. This, if implemented, would go some way to patch up vulnerabilities, but it must be enforced and not left to the care providers.

In summary:

• Incident management is to be changed with the new approach set out in the Cyber Handbook. This seeks to establish the roles and responsibilities of the plethora of organisations that must coordinate their approach to an attack on the NHS. The Report recognises the need for cyber drills and recommends an annual national cyber rehearsal, together with regular local cyber incident tests. If implemented in a way that mimics the communication black out and impact of a cyber incident, this will be a huge stride forward. The danger is if the rehearsals are not an accurate recreation and lead to complacency. It is arguably better not to have a response plan at all than one that doesn’t function under the stress of an actual incident.

• Communication is to be more coordinated. The incident room should ensure communication channels are clear and well managed, with consistent selection of the organisations called upon for assistance; this would avoid assistance providers responding with the same information to multiple requests. The heavy reliance on email should be addressed so that social media and other alternative communications platforms are available when email is taken down in a cyber attack. Continued testing of these alternatives will be crucial to ensure there is functional communication support.

• Data collection will be improved via an established set of standard data requests by NHS England in the event of attack. This should improve the completeness of data to support incident management and reduce the burden of data collection when the attack is still live. Traditional paper-based processes will also be implemented where the incident management system is affected. Paper, it seems, has a place in cyber defence.

• Resources must be available and include cyber accredited support. NHS Digital’s contact centre must be sufficiently staffed and develop its emergency on-call expertise to ensure the right people are available to make key decisions and provide support. It is remarkable this was not already in place. Many of the NHS personnel dealing with WannaCry had no relevant experience of a cyber attack, there was a lack of IT staff and those that did help were often doing so on a voluntary firefighting basis. IT support teams are to be cyber accredited and include cyber support units with a developed and tested emergency response capability.

So will these recommendations be effective? One concern is that the disjointed structure of the NHS gives little cause for hope. The DHSC has overall responsibility for cyber security, but this is delegated down to a myriad of Trusts, GP practices and social care providers. History tells us that these NHS organisations do not all march in step and have previously failed to heed security warnings or requests. That said, these recommendations are detailed and thorough; proper implementation will be key to their success.

My own view is that there needs to be a compulsory scheme of regulation and a compliance regime with sharp teeth. There should be routine checks and sanctions for those who fail to adhere to CareCERTs or requests. The Report certainly reads well, but words are not enough; deeds and significant capital are required to implement these recommendations. Will this happen? Do not be in doubt, another major cyber attack will strike the NHS - and when it does we will have our answer.