Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

​NHS cyber attack: Jeremy Hunt accused of 'ignoring extensive warning signs' about outdated computer systems

Labour's shadow Health Secretary says concerns were repeatedly flagged about vulnerable computer systems

Samuel Osborne
Sunday 14 May 2017 04:32 EDT
Comments
Concerns about outdated computer systems were repeatedly flagged up to Health Secretary Jeremy Hunt, according to Labour
Concerns about outdated computer systems were repeatedly flagged up to Health Secretary Jeremy Hunt, according to Labour (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Jeremy Hunt has been accused of ignoring "extensive warning signs" which could have prevented an unprecedented cyber attack from plunging the NHS into chaos.

Hospitals across England and Scotland have been crippled by the global attack, which saw about 45 organisations infiltrated by malicious software on Friday.

A number of hospitals were forced to cancel procedures after medical staff reported seeing computers go down "one by one" as the attack took hold, locking machines and demanding money to release the data.

About a fifth of trusts were hit, with six still affected 24 hours later, amid concerns networks were left vulnerable because they were still using outdated Windows XP software.

Government urged to clarify whether NHS bodies could have stopped cyber attack

The apparent chink in the NHS's defences led to criticism of the Tories after the Government decided not to extend a £5.5m support deal with Microsoft for Windows XP in 2015.

Labour's shadow Health Secretary, Jonathan Ashworth, in a letter to Mr Hunt, said concerns were repeatedly flagged about outdated computer systems.

"The public has a right to know exactly what the Government will do to ensure that such an attack is never repeated again," he wrote.

Mr Ashworth demanded to know why NHS organisations had failed to act on a critical note from Microsoft two months ago, what resources were being given to the NHS to bring the situation under control and what arrangements were in place to protect the NHS against cyber attacks.

There have been repeated warnings about the vulnerability of the outdated NHS systems, including from the National Cyber Security Centre and the National Crime Agency, Mr Ashworth said.

Many had been left "extremely vulnerable" to an attack since 2015, when they continued to use an outdated version of Windows after a security package had been stopped.

"NHS Trusts have been running thousands of outdated and unsupported Windows XP machines despite the Government ending its annual £5.5 million deal with Microsoft, which provided ongoing security support for Windows XP, in May 2015," Mr Ashworth wrote.

"It effectively means that unless individual trusts were willing to pay Microsoft for an extended support deal, since May 2015 their operating systems have been extremely vulnerable to being hacked," he added.

A Freedom of Information request in February found a total of 79 English trusts have suffered ransomware attacks since June 2015, he said.

NHS website affected by international computer cyber attack
NHS website affected by international computer cyber attack (Rex)

Speaking after a Cobra meeting on Saturday, Home Secretary Amber Rudd admitted "there's always more" that can be done to protect against viruses.

She said: "If you look at who's been impacted by this virus, it's a huge variety across different industries and across international governments.

"This is a virus that attacked Windows platforms. The fact is the NHS has fallen victim to this.

"I don't think it's to do with that preparedness. There's always more we can all do to make sure we're secure against viruses, but I think there have already been good preparations in place by the NHS to make sure they were ready for this sort of attack."

The instruction file that Nurse Helen Barrow, of Littleborough, Lancashire, found on her desktop after becoming the first known UK victim
The instruction file that Nurse Helen Barrow, of Littleborough, Lancashire, found on her desktop after becoming the first known UK victim (PA)

However, Ms Rudd was accused of "wild complacency" over her response and many questioned why Mr Hunt had remained quiet during the crisis.

Lord Paddick, Liberal Democrat home affairs spokesman and a former Metropolitan Police deputy assistant commissioner, said Ms Rudd was "more suited to the era of analogue".

"We need to get to the bottom of why the Government thought cyber attacks were not a risk, when a combination of warnings and plain common sense should have told ministers that there is a growing and dangerous threat to our cyber security," he said.

"It is worrying that in Amber Rudd we have a Home Secretary in the digital age more suited to the era of analogue. This is not the first time she has looked lost in cyberspace.

"The Government likes to look tough, but this is an example of where it has left Britain defenceless."

A woman points to the website of the NHS: East and North Hertfordshire notifying users of a problem in its network
A woman points to the website of the NHS: East and North Hertfordshire notifying users of a problem in its network (AFP)

Britain is spending about £50m on improving the security of the National Health Service's computer systems and had warned the NHS it faced cyber threats, defence minister Michael Fallon said.

In an interview with the BBC's Andrew Marr Show, Mr Fallon said Theresa May's Government had identified in its security review that cyber threats were one of the top three greatest threats for the country.

"We set aside £1.9billion to protect us better against cyber and a large chunk of that went to the NHS," Mr Fallon said.

"We are spending around £50million on the NHS cyber systems to improve their security, we've encouraged the NHS trusts to reduce their exposure to the weakest system, the Windows XP ... and there is money available to strengthen these systems," he added.

Additional reporting by agencies

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in