News Hub

Outdated IT systems endanger NHS security, warns ex UK cyber chief

Written by Mon 8 Jul 2024

Image of NHS and model of the human body

The founding CEO of the UK’s National Cyber Security Centre (NCSC) has warned that outdated NHS systems are endangering its security and increasing vulnerability to cyberattacks.

The BBC reported Professor Ciaran Martin has identified three key cybersecurity issues faced by the NHS: outdated IT systems, the need to identify vulnerabilities, and implementing basic security practices. His caution has arrived after NHS England announced its patient data managed by pathology services organisation, Synnovis, was stolen in a cyberattack on 3 June. 

“It was obvious that this was going to be one of the most serious cyber incidents in British history because of the disruption to healthcare,” said Professor Martin to the BBC.

Professor Martin underscored the need to identify single points of failure in the system and enhance backup solutions, highlighting that strengthening basic security measures could significantly deter attackers, and that ‘those little things make the point of entry quite a lot harder for the thugs to get in’.

Simon Hodgkinson, strategic advisor at Active Directory security and recovery platform, Semperis, said the Synnovis cyberattack amplified the importance of understanding the end-to-end supply chain, assuring suppliers have the appropriate security controls in place, and documented and tested recovery plans.

“All too often, this assurance is delivered through questionnaires which are insufficient for critical suppliers. However, it is not just suppliers, one must understand from the point of care, the processes and systems that enable the clinical outcome and ensure appropriate security measures are in place,” added Hodgkinson.

The NHS said it has invested £338 million ($433 million) in the past seven years to increase its cybersecurity resiliency.

NHS Records Stolen in Cyberattack 

The NHS ransomware attack led to several hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, being forced to cancel operations. NHS England deemed the attack a regional incident which affected 4,913 acute outpatient appointments and 1,391 postponed operations.

A range of primary care services, blood transfusions and test results have been disrupted after Synnovis, a provider of lab services, became the victim of a ransomware attack.

The group called Qilin is said to be behind this hack and appears to be motivated by ransom payment, as opposed to political goals.

Join Tech Show Paris

27-28 November 2024, Porte de Versailles, Paris

Be a part of the latest tech conversations and discover pioneering innovations in Paris.

Don’t miss one of the most exciting technology events of the year for France.

Written by Mon 8 Jul 2024

Send us a correction Send us a news tip