Greater cybersecurity support for NHS needed during outbreak, says think tank
14:47, 02 April 2020
updated: 14:54, 14 April 2020
The NHS needs greater cybersecurity support to prevent a crippling attack during the coronavirus pandemic, a think tank has warned.
Security experts at Chatham House claim the NHS may be ill-prepared to deal with the aftermath of a potentially devastating cyber threat and has suggested the Government seek urgent help to protect it.
Lessons have been learned since the WannaCry ransomware attack which caused widespread disruption to the NHS in 2017 but today’s situation is far more fragile, they say.
“Evidently, the NHS is stretched to breaking point – expecting it to be on top of its cybersecurity during these exceptionally challenging times is unrealistic,” Joyce Hakmeh, senior research fellow at Chatham House’s International Security Programme, said.
She argues that supporting the NHS should go beyond increasing human resources and equipment capacity, as cyber security is critical in ensuring health professionals can carry on saving lives, safely and securely.
At such a critical time for the health service, they want the Government to call upon the private cybersecurity sector for assistance.
Now is the time where innovative public-private partnerships on cybersecurity should be formed ...
The think tank is also concerned about usual security processes being side-stepped, such as a national audit of the NHS’s security and cyber-resilience which was put on hold until September due to Covid-19.
It comes as Europol recently warned about pandemic profiteering, particularly online where criminals are attempting to exploit the crisis.
“Now is the time where innovative public-private partnerships on cybersecurity should be formed – similar to the economic package that the UK Chancellor has put in place to shore up the economy against the Covid-19 impact and the innovative thinking on ventilator production,” Ms Hakmeh continued.
“The ways in which this support can be delivered can take different forms, the important thing is that it is mobilised swiftly.”
Neil Bennett, acting chief information security officer at NHS Digital responded, saying: “This is a time of unprecedented stress on the NHS, not least for the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure, to continue to deliver safe patient care.”
He continued: “Working closely with partner organisations such as the National Cyber Security Centre and NHSX, we have created a new programme of work to help tackle the challenges that Covid-19 has presented the health and care sector.
“This will support local organisations even further to identify and fix technical issues, provide resource where needed, enhance our threat intelligence and threat-hunting capabilities, and support the new field hospitals to set up their operations securely.
“In addition, we are doing further work to protect Critical National Infrastructure assets, aligned to CPNI standards, and we are continuing to issue guidance to the sector on secure remote working, which we will continue to update as the threat landscape develops.”