NHS braced for attack worse than ransomware campaign that froze services last May

The NHS is preparing for another major cyber-attack that will hit healthcare harder than WannaCry, its head of digital has claimed.

Last year’s ransomware campaign saw some NHS networks crippled, with thousands of patients being turned away and computer systems shutting down.

But the incident was “not the be all and end all”, claims the NHS head of data security, who forewarned of a future attack on public services.

Speaking at the annual NCSC CyberUK conference in Manchester today, director of security for NHS Digital, Dan Taylor, said: “WannaCry affected healthcare in a small way – that might be contrary to what you’ve heard from the press.

“Just over 40 organizations were affected in total – there’s anywhere between 22 and 26,000 organizations that govern the healthcare system in the UK.

“They cover a much greater landscape than was perhaps publicized at the time.

“But what WannaCry was, was a shot across our bows. It was the idea that something could happen, it did happen, and it did affect patient care in many areas.

“It was not the incident, the be all and end all incident, in healthcare. That, as we’ve heard today, will come, something new will happen.

“There will be another WannaCry.”

WannaCry infected thousands of computers globally, and was reported to have been spread via phishing emails by attackers from North Korea – thought to be the Lazarus group.

The attack – not necessarily aimed at the UK health sector – exploited a vulnerability in Windows XP, which is still being used by some NHS trusts.

A report by the National Audit Office (NAO) slammed the NHS for its lack of cybersecurity prior to the attack, and stated that it was warned to patch its systems back in 2014.

Taylor added: “There were mistakes in terms of communication and we could have done things better, but we did a fine job overall getting the service back within the time we did.

“It’s all about making sure you have that plan and testing that plan early on. The thing we’ve done since that is test, and test, and test again.

“So that hopefully when it does happen, we’ll be in a much better position.”

Yochana Henderson, head of digital for the parliamentary digital service, also spoke of how WannaCry affected government networks in June.

The “sustained and determined” attack happened a month after the global outbreak, and was thought to have affected less than 1% of government email accounts.

Henderson said: “The attack was quite intense at times, not to begin with – our attack started off quite slow, which is why detection didn’t pick it up.

“Once it did we really had to ramp up. They knew that we knew, so they ramped up their attack against us.

“One of the main things we had to look at was – where are they going to hit next?”

Despite the scale of the attack, a Freedom of Information (FOI) request recently revealed that a number of NHS regional boards across England and Scotland are still operating Windows XP.

XP was blamed largely for the spread of the ransomware, despite security researchers claiming that it mostly affected Windows 7 systems.

The report found that 11 of 14 NHS Scotland trusts have yet to upgrade, while statistics in December last year reported that 88 of 192 NHS England boards were still using it.