DH
Uploaded bydan hyde
30 views

Wannacry or learn?

The National Audit Office published a report investigating the WannaCry cyber attack on the NHS in October 2017. The report found: 1) The NHS had shoddy IT systems and cybersecurity practices that made it vulnerable to the attack, such as unpatched Windows operating systems and a lack of firewalls. 2) The NHS had no effective breach response plan, resulting in confusion and a disorganized response when systems went down. 3) For real improvement, the NHS must implement rigorous cybersecurity drills, inspections, and consequences for non-compliance - but the disjointed structure of the NHS may prevent this.

Embed presentation

Download to read offline
A Cecile Park Media Publication | December 2017 15 BREACH RESPONSE The NAO investigation into WannaCry Dan Hyde Partner Dan.Hyde@penningtons.co.uk Penningtons.Manches LLP The Breach Friday 12 May 2017 was a ‘Black Friday’ in the truest sense of the phrase; not a day of panic in trying to grab a bargain in discounted sales, but a day that witnessed a global ransomware attack now known as WannaCry. The attack was random and whilst one of the major victims was our NHS, it was certainly not targeted. The cyber attack affected some 100 countries and an excess of 200,000 computers. The exact numbers and full extent will never be known. Perhaps more surprisingly, the cost to the NHS will also not be known, as despite investigation by the DoH and the Report from the NAO, we are informed that the cost is not calculable; much of the data as to the full impact of the attack is seemingly lost or unavailable. If this is true, there are shoddy systems in place at the NHS. There were certainly shoddy systems in terms of IT and cyber security. For a start the infection by the WannaCry ransomware was entirely avoidable. Every single NHS organisation that was infected by WannaCry had unpatched or unsupported Windows operating systems that enabled virus infection. Significantly, in March 2017 Microsoft had issued updates that NHS Trusts using Windows 7 could have adopted to protect themselves. Further, on 17 March 2017, NHS Digital had issued a CareCERT asking NHS Trusts to apply the Microsoft update. If the DoH’s figures are to be relied upon, more than 90% of the devices in the NHS are operating on Windows 7, so 90% of those devices would have been protected if they had been patched in line with the NHS Digital request. Trusts running older Windows XP operating systems on devices had been expressly notified that they were to migrate away from their use, yet when the attack came on 12 May 2017, approximately 5% of the NHS was still reliant on an outdated Windows XP operating system. Windows XP can however be patched, and following the attack Microsoft issued an XP update that would have prevented the ransomware infection. This non-targeted ransomware attack was spread via the internet and caught the NHS which was exposed due to its unpatched Windows systems. Even this The National Audit Office (‘NAO’) published a full report entitled ‘Investigation: WannaCry cyber attack and the NHS’ (the ‘Report’) on 27 October 2017, which looked to investigate the context, causes and result of the international ransomware attack WannaCry on the NHS. Dan Hyde, Partner at Penningtons Manches, discusses the findings of the Report and the lessons the NHS and the Department of Health (‘DoH’) have learned from WannaCry. Image:tzahiV/iStock/GettyImagesPlus
CYBER SECURITY PRACTITIONER16 exposure would not have been fatal had effective firewalls been in place to repel the threat, but there was no such line of defence because firewalls had not been maintained so that even this basic shield was missing. Prior to this ‘Black Friday,’ the NHS had no joined up cyber security and a culture of woeful non-compliance; as on 12 May 2017 only 88 out of 236 NHS Trusts had been subject to a cyber security inspection by NHS Digital. Of the 88 inspected not a single Trust passed. The inspections were voluntary and CareCERTs requesting updates and other basic cyber security measures were treated as being voluntary and largely ignored. The NHS Trusts were silos and the DoH had no knowledge as to which had complied with the requests. The DoH was itself unprepared; it was warned a year before the attack that it was at risk, yet did not provide any written report in response until two months after the attack in July 2017. The Breach Response So what happened after the initial breach? Sadly the NHS had no proper breach response plan or, if it did, it did not have one worth having. History tells us that one of the key features of a cyber attack is the communication blackout that follows. It was Maersk’s lack of preparedness for this that caused such bewilderment and the same was true of the NHS. The very first hurdle, the loss of key communication systems, was not properly prepared for and staff were left scrabbling for personal mobiles in order to try and send WhatsApp messages, subject to the contact being within their personal contact list. Roles, responsibilities and reporting lines were not properly defined with the result that emergency calls were made to various local, national agencies and emergency services in the uncoordinated disorganised panic that followed the attack. It is arguably better not to have any breach response plan than one that is merely a box ticking exercise that leads, as here, to complacency and increased confusion when the attack hits. Incident response plans should be tested in a realistic way - there needs to be a drill where systems are not available for use and staff become familiar with who and how they make contact, and a step- by-step means of limiting damage and restoring and recovering systems. In conclusion, they had a woefully inadequate breach response plan, which arguably wasn’t a plan at all, but rather an unpractised and ineffective hypothetical policy that none of the key personnel were sufficiently familiar with. The recovery was aided by a cyber security researcher who activated a kill switch; his action prevented WannaCry locking out further systems and devices. That was by luck or intuition rather than design as it was not in pursuit of any implemented national cyber security policy; NHS England’s IT Department did not even have on-call emergency facilities in place so there was a reliance on IT staff attending work voluntarily to assist in firefighting. The National Cyber Security Centre and National Crime Agency also pitched in, assisting the NHS and other affected organisations - it is unclear just how much worse the lines of communication and impact might have been but for that external assistance. Lessons learned? The disjointed structure of the NHS gives little cause for hope. The DoH has overall responsibility for cyber security but this is delegated down to a myriad of NHS Trusts, GPs and social care providers. History tells us that these organisations do not all march in step and have previously failed to heed warnings or requests. The NHS has now declared ‘the need to improve the protection from future cyber attacks’ - but how will it actually implement such a statement of intent when it comprises silos that are seemingly ungovernable? It sets out a number of key measures, namely: • To develop a response plan. • To ensure ‘critical’ CareCERT alerts are implemented. • To ensure essential communications get through during an incident when systems are down. • To ensure organisations, staff and boards take the threat of cyber attack seriously, work proactively to maximise resilience and reduce the impact on patient care. This all sounds rather trite. The NAO Report found a cyber breach response plan had already been developed on 12 May when the attack hit. It was not the absence of a plan, but rather the inability to put any plan into practice that was at the heart of the failure. That can only be taught through cyber drills that replicate the loss of communication and key system support. There needs to be a scheme of regulation and a compliance regime with teeth to ensure that there are routine checks and sanctions for those who fail to adhere to CareCERTS. In terms of practical steps, the DoH should be setting a minimum number of drill targets, rather like fire drills backed by mandatory inspections by NHS Digital or an external inspector; if an organisation fails inspection there should be immediate action to remedy and a follow up test. I have no doubt that the NHS and its constituent parts will take cyber attacks more seriously going forward, but deeds not words are required. I remain unconvinced that this will happen. BREACH RESPONSE continued Sadly the NHS had no proper breach response plan or, if it did, it did not have one worth having. History tells us that one of the key features of a cyber attack is the communication blackout that follows.

More Related Content

PDF
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
byOpenDNS
 
PDF
Dr Steve Goldman's Top Ten Business Continuity Predictions / Trends for 2014
byxMatters Inc
 
PPTX
No Money, No Problem - A Scalable Approach to Social Media Monitoring
byTamer Hadi
 
PDF
The lessons learned from WannaCry.
bydan hyde
 
PPTX
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
byBlack Duck by Synopsys
 
PDF
2014 Top 10 Predictions for BC/DR by Dr. Steven B Goldman
byxMattersMarketing
 
PDF
Impacts cloud remote_workforce
byRodrigo Varas
 
PDF
Webmasterbreach
byÉdgar Medina
 
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead
byOpenDNS
 
Dr Steve Goldman's Top Ten Business Continuity Predictions / Trends for 2014
byxMatters Inc
 
No Money, No Problem - A Scalable Approach to Social Media Monitoring
byTamer Hadi
 
The lessons learned from WannaCry.
bydan hyde
 
Open Source Insight: Artifex Ruling, NY Cybersecurity Regs, PATCH Act, & Wan...
byBlack Duck by Synopsys
 
2014 Top 10 Predictions for BC/DR by Dr. Steven B Goldman
byxMattersMarketing
 
Impacts cloud remote_workforce
byRodrigo Varas
 
Webmasterbreach
byÉdgar Medina
 

What's hot

PDF
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
bySteve Fantauzzo
 
PDF
Whitepaper | Cyber resilience in the age of digital transformation
byNexon Asia Pacific
 
PDF
Ransomware attacks
byTexas Medical Liability Trust
 
PDF
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons Learned
byBarkly
 
PDF
Nexusguard d do_s_threat_report_q1_2017_en
byAndrey Apuhtin
 
PDF
INCIDENT RESPONSE NIST IMPLEMENTATION
bySylvain Martinez
 
PPT
Digital Volunteers and Emergency Management
byPatrice Cloutier
 
PDF
5 Key Findings on Advanced Threats
byHannah Jenney
 
PPTX
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
byProofpoint
 
PDF
Anti virus in the corporate arena
byUltraUploader
 
PDF
Achieving Holistic Cybersecurity: 2016 Progress Report
byGov BizCouncil
 
PDF
Web Attack Survival Guide
by- Mark - Fullbright
 
PDF
12102 vipre business-protecting-against-the-new-wave-of-malware
byWebEconomIA NL para profesionales y Pymes
 
PDF
Preparing for future attacks - the right security strategy
byRapidSSLOnline.com
 
PDF
Cisco Annual Security Report 2016
byThe Internet of Things
 
PDF
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
byHexis Cyber Solutions
 
PDF
Cisco - See Everything, Secure Everything
byRedington Value Distribution
 
PDF
Social media and technology
byMary Jo Flynn, MS, CEM
 
Ransomware and Emerging Cyber Threats: Why It's More Than Just An IT Problem ...
bySteve Fantauzzo
 
Whitepaper | Cyber resilience in the age of digital transformation
byNexon Asia Pacific
 
Ransomware attacks
byTexas Medical Liability Trust
 
Ransomware in Healthcare: 5 Attacks on Hospitals & Lessons Learned
byBarkly
 
Nexusguard d do_s_threat_report_q1_2017_en
byAndrey Apuhtin
 
INCIDENT RESPONSE NIST IMPLEMENTATION
bySylvain Martinez
 
Digital Volunteers and Emergency Management
byPatrice Cloutier
 
5 Key Findings on Advanced Threats
byHannah Jenney
 
Adapted from an ESG report - Seeing Is Securing - Protecting Against Advanced...
byProofpoint
 
Anti virus in the corporate arena
byUltraUploader
 
Achieving Holistic Cybersecurity: 2016 Progress Report
byGov BizCouncil
 
Web Attack Survival Guide
by- Mark - Fullbright
 
12102 vipre business-protecting-against-the-new-wave-of-malware
byWebEconomIA NL para profesionales y Pymes
 
Preparing for future attacks - the right security strategy
byRapidSSLOnline.com
 
Cisco Annual Security Report 2016
byThe Internet of Things
 
Hexis Cybersecurity Mission Possible: Taming Rogue Ghost Alerts
byHexis Cyber Solutions
 
Cisco - See Everything, Secure Everything
byRedington Value Distribution
 
Social media and technology
byMary Jo Flynn, MS, CEM
 

Similar to Wannacry or learn?

PDF
Fortified Health Security - Horizon Report 2016
byDan L. Dodson
 
PPTX
Cyberattacks on Healthcare Systemss.pptx
byJoeOrlando16
 
PDF
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
byAPNIC
 
PPTX
Cyber physical system for healthcare
byJUGAL GANDHI
 
PPT
Ransomware: Prevention, privacy and your options post-breach
byGowling WLG
 
PPTX
Privacy, Confidentiality, and Security_lecture 1_slides
byZakCooper1
 
PPTX
Healthcare data and their protection in the philippines
byshoei yoshida
 
PPTX
Cloud Security.pptx
byBinod Rimal
 
PPTX
Lecture 2 Threats and Strategy.pptx
bymoushalivindi
 
DOCX
56 JULY 2017 WWW.COM.docx
byalinainglis
 
PDF
Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyber...
bymosmedicalreview
 
PDF
We Need to Prioritize Cybersecurity in 2020
byMatthew Doyle
 
DOCX
Running head Information security threats 1Information secur.docx
bywlynn1
 
DOCX
Peer Review FormComplete the form by inserting your answer.docx
bytemplestewart19
 
PDF
Global ransomware attacks_2017_final msw_g2_sg
byChristopher R. Ward
 
PDF
Global Ransomware Client Alert
byRobyn Melnyk
 
PPTX
ransome_case solved.pptx
byradhika457461
 
PDF
DHHS ASPR Cybersecurity Threat Information Resources
byDavid Sweigert
 
PDF
Identify one cyberattack that occurred in the last 2 years. What cau.pdf
byfatoryoutlets
 
PPTX
Crucial wannacryoutbreaks
bykevinmass30
 
Fortified Health Security - Horizon Report 2016
byDan L. Dodson
 
Cyberattacks on Healthcare Systemss.pptx
byJoeOrlando16
 
Lessons learned from 2017 cybersecurity incidents, 2018 and beyond
byAPNIC
 
Cyber physical system for healthcare
byJUGAL GANDHI
 
Ransomware: Prevention, privacy and your options post-breach
byGowling WLG
 
Privacy, Confidentiality, and Security_lecture 1_slides
byZakCooper1
 
Healthcare data and their protection in the philippines
byshoei yoshida
 
Cloud Security.pptx
byBinod Rimal
 
Lecture 2 Threats and Strategy.pptx
bymoushalivindi
 
56 JULY 2017 WWW.COM.docx
byalinainglis
 
Healthcare Attorneys Feel the Healthcare Industry Is More Vulnerable to Cyber...
bymosmedicalreview
 
We Need to Prioritize Cybersecurity in 2020
byMatthew Doyle
 
Running head Information security threats 1Information secur.docx
bywlynn1
 
Peer Review FormComplete the form by inserting your answer.docx
bytemplestewart19
 
Global ransomware attacks_2017_final msw_g2_sg
byChristopher R. Ward
 
Global Ransomware Client Alert
byRobyn Melnyk
 
ransome_case solved.pptx
byradhika457461
 
DHHS ASPR Cybersecurity Threat Information Resources
byDavid Sweigert
 
Identify one cyberattack that occurred in the last 2 years. What cau.pdf
byfatoryoutlets
 
Crucial wannacryoutbreaks
bykevinmass30
 

Recently uploaded

PDF
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
PPTX
Route_Inspection_Problem_Presentation.pptx
byIqraHanif27
 
PPTX
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
PPTX
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
PDF
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
PPTX
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
PDF
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PPTX
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
PDF
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
PDF
The Future of AI-Powered Fashion Design 10 Top Generators for 2026
bymockitseo
 
PPTX
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PPTX
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PDF
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
PPTX
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
Strengthening cybern resilience for a leading indian Financial Services group
bypandeydevika621
 
Route_Inspection_Problem_Presentation.pptx
byIqraHanif27
 
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
Introduction to Computer Network Concepts.pptx
byAnacrissa Soriano
 
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
Scrape YouTube Video Data for Influencer Analytics.pptx
byWeb Data Crawler
 
What is Voice User Interface (VUI) Definition & Examples.pdf
byDesign Studio UI UX
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
UNIT III TYPOLOGY OF CRIME AND CRIMINAL BEHAVIOUR (1).pptx
bybloodyhumanoid
 
Industrial RFID Landscape for 2025 - Readers, Tags, Antennas, Printers, etc
byRich Rogers
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
The Future of AI-Powered Fashion Design 10 Top Generators for 2026
bymockitseo
 
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Document Reconstruction using AI & Deep Learning
bysonjuktaweb
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
Salesforce Spring 26 Release Key .pptx
byMehediHasan939830
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 

Wannacry or learn?

  • 1.
    A Cecile ParkMedia Publication | December 2017 15 BREACH RESPONSE The NAO investigation into WannaCry Dan Hyde Partner Dan.Hyde@penningtons.co.uk Penningtons.Manches LLP The Breach Friday 12 May 2017 was a ‘Black Friday’ in the truest sense of the phrase; not a day of panic in trying to grab a bargain in discounted sales, but a day that witnessed a global ransomware attack now known as WannaCry. The attack was random and whilst one of the major victims was our NHS, it was certainly not targeted. The cyber attack affected some 100 countries and an excess of 200,000 computers. The exact numbers and full extent will never be known. Perhaps more surprisingly, the cost to the NHS will also not be known, as despite investigation by the DoH and the Report from the NAO, we are informed that the cost is not calculable; much of the data as to the full impact of the attack is seemingly lost or unavailable. If this is true, there are shoddy systems in place at the NHS. There were certainly shoddy systems in terms of IT and cyber security. For a start the infection by the WannaCry ransomware was entirely avoidable. Every single NHS organisation that was infected by WannaCry had unpatched or unsupported Windows operating systems that enabled virus infection. Significantly, in March 2017 Microsoft had issued updates that NHS Trusts using Windows 7 could have adopted to protect themselves. Further, on 17 March 2017, NHS Digital had issued a CareCERT asking NHS Trusts to apply the Microsoft update. If the DoH’s figures are to be relied upon, more than 90% of the devices in the NHS are operating on Windows 7, so 90% of those devices would have been protected if they had been patched in line with the NHS Digital request. Trusts running older Windows XP operating systems on devices had been expressly notified that they were to migrate away from their use, yet when the attack came on 12 May 2017, approximately 5% of the NHS was still reliant on an outdated Windows XP operating system. Windows XP can however be patched, and following the attack Microsoft issued an XP update that would have prevented the ransomware infection. This non-targeted ransomware attack was spread via the internet and caught the NHS which was exposed due to its unpatched Windows systems. Even this The National Audit Office (‘NAO’) published a full report entitled ‘Investigation: WannaCry cyber attack and the NHS’ (the ‘Report’) on 27 October 2017, which looked to investigate the context, causes and result of the international ransomware attack WannaCry on the NHS. Dan Hyde, Partner at Penningtons Manches, discusses the findings of the Report and the lessons the NHS and the Department of Health (‘DoH’) have learned from WannaCry. Image:tzahiV/iStock/GettyImagesPlus
  • 2.
    CYBER SECURITY PRACTITIONER16 exposurewould not have been fatal had effective firewalls been in place to repel the threat, but there was no such line of defence because firewalls had not been maintained so that even this basic shield was missing. Prior to this ‘Black Friday,’ the NHS had no joined up cyber security and a culture of woeful non-compliance; as on 12 May 2017 only 88 out of 236 NHS Trusts had been subject to a cyber security inspection by NHS Digital. Of the 88 inspected not a single Trust passed. The inspections were voluntary and CareCERTs requesting updates and other basic cyber security measures were treated as being voluntary and largely ignored. The NHS Trusts were silos and the DoH had no knowledge as to which had complied with the requests. The DoH was itself unprepared; it was warned a year before the attack that it was at risk, yet did not provide any written report in response until two months after the attack in July 2017. The Breach Response So what happened after the initial breach? Sadly the NHS had no proper breach response plan or, if it did, it did not have one worth having. History tells us that one of the key features of a cyber attack is the communication blackout that follows. It was Maersk’s lack of preparedness for this that caused such bewilderment and the same was true of the NHS. The very first hurdle, the loss of key communication systems, was not properly prepared for and staff were left scrabbling for personal mobiles in order to try and send WhatsApp messages, subject to the contact being within their personal contact list. Roles, responsibilities and reporting lines were not properly defined with the result that emergency calls were made to various local, national agencies and emergency services in the uncoordinated disorganised panic that followed the attack. It is arguably better not to have any breach response plan than one that is merely a box ticking exercise that leads, as here, to complacency and increased confusion when the attack hits. Incident response plans should be tested in a realistic way - there needs to be a drill where systems are not available for use and staff become familiar with who and how they make contact, and a step- by-step means of limiting damage and restoring and recovering systems. In conclusion, they had a woefully inadequate breach response plan, which arguably wasn’t a plan at all, but rather an unpractised and ineffective hypothetical policy that none of the key personnel were sufficiently familiar with. The recovery was aided by a cyber security researcher who activated a kill switch; his action prevented WannaCry locking out further systems and devices. That was by luck or intuition rather than design as it was not in pursuit of any implemented national cyber security policy; NHS England’s IT Department did not even have on-call emergency facilities in place so there was a reliance on IT staff attending work voluntarily to assist in firefighting. The National Cyber Security Centre and National Crime Agency also pitched in, assisting the NHS and other affected organisations - it is unclear just how much worse the lines of communication and impact might have been but for that external assistance. Lessons learned? The disjointed structure of the NHS gives little cause for hope. The DoH has overall responsibility for cyber security but this is delegated down to a myriad of NHS Trusts, GPs and social care providers. History tells us that these organisations do not all march in step and have previously failed to heed warnings or requests. The NHS has now declared ‘the need to improve the protection from future cyber attacks’ - but how will it actually implement such a statement of intent when it comprises silos that are seemingly ungovernable? It sets out a number of key measures, namely: • To develop a response plan. • To ensure ‘critical’ CareCERT alerts are implemented. • To ensure essential communications get through during an incident when systems are down. • To ensure organisations, staff and boards take the threat of cyber attack seriously, work proactively to maximise resilience and reduce the impact on patient care. This all sounds rather trite. The NAO Report found a cyber breach response plan had already been developed on 12 May when the attack hit. It was not the absence of a plan, but rather the inability to put any plan into practice that was at the heart of the failure. That can only be taught through cyber drills that replicate the loss of communication and key system support. There needs to be a scheme of regulation and a compliance regime with teeth to ensure that there are routine checks and sanctions for those who fail to adhere to CareCERTS. In terms of practical steps, the DoH should be setting a minimum number of drill targets, rather like fire drills backed by mandatory inspections by NHS Digital or an external inspector; if an organisation fails inspection there should be immediate action to remedy and a follow up test. I have no doubt that the NHS and its constituent parts will take cyber attacks more seriously going forward, but deeds not words are required. I remain unconvinced that this will happen. BREACH RESPONSE continued Sadly the NHS had no proper breach response plan or, if it did, it did not have one worth having. History tells us that one of the key features of a cyber attack is the communication blackout that follows.