NHS at risk of major cyber attack while it deals with coronavirus, experts warn

The NHS is at risk of a major cyber attack as it fights against the outbreak of coronavirus, according to experts.

The health service is already stretched to “breaking point” and needs greater support to ensure that it can stay protected from any potentially devastating hack, according to think tank Chatham House.

Lessons have been learned since the WannaCry ransomware attack which caused widespread disruption to the NHS in 2017 but today’s situation is “far more fragile”.

“Evidently, the NHS is stretched to breaking point – expecting it to be on top of its cybersecurity during these exceptionally challenging times is unrealistic,” Joyce Hakmeh, senior research fellow at Chatham House’s International Security Programme, said.

She argues that supporting the NHS should go beyond increasing human resources and equipment capacity, as cyber security is critical in ensuring health professionals can carry on saving lives, safely and securely.

At such a critical time for the health service, they want the government to call upon the private cybersecurity sector for assistance.

The think tank is also concerned about usual security processes being side-stepped, such as a national audit of the NHS’s security and cyber-resilience which was put on hold until September due to Covid-19.

It comes as Europol recently warned about pandemic profiteering, particularly online where criminals are attempting to exploit the crisis.

“Now is the time where innovative public-private partnerships on cybersecurity should be formed – similar to the economic package that the UK chancellor has put in place to shore up the economy against the Covid-19 impact and the innovative thinking on ventilator production,” Ms Hakmeh continued.

“The ways in which this support can be delivered can take different forms, the important thing is that it is mobilised swiftly.”

Neil Bennett, acting chief information security officer at NHS Digital, said: “This is a time of unprecedented stress on the NHS, not least for the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure, to continue to deliver safe patient care.”

He continued: “Working closely with partner organisations such as the National Cyber Security Centre and NHSX, we have created a new programme of work to help tackle the challenges that Covid-19 has presented the health and care sector.

“This will support local organisations even further to identify and fix technical issues, provide resource where needed, enhance our threat intelligence and threat-hunting capabilities, and support the new field hospitals to set up their operations securely.

“In addition, we are doing further work to protect Critical National Infrastructure assets, aligned to CPNI standards, and we are continuing to issue guidance to the sector on secure remote working, which we will continue to update as the threat landscape develops.”

Additional reporting by Press Association