NHS trusts failing to meet Cyber Essentials Plus standards
Civil servants have revealed that EVERY NHS trust that has been assessed for cyber security vulnerabilities failed to meet the required standard: all 200 failed to meet the Cyber Essentials Plus standard needed.
This information was revealed during a Parliamentary hearing to discuss the WannaCry ransomware attack from May last year which had a crippling effect on the NHS. The attack infected nearly a third of NHS trusts in England and hundreds of GP surgeries, resulting in the cancellation of at least 6,900 NHS appointments. Despite an increase in security provisions it appears that the NHS may not be in a better position nearly a year later to combat a similar attack.
Our Cyber Essentials Scheme Summary states:
“Cyber Essentials Plus offers a higher level of assurance through the external testing of the organisation’s cyber security approach.”
The NHS Trusts are not yet at the point where their cyber security is robust enough to gain the Plus, and NHS Digital Deputy Chief Executive Rob Shaw was quoted as saying that some NHS trusts still have a “considerable amount” of work to do to get themselves better prepared.
You can read more about the situation in the article below:
Assessments after WannaCry attack reveal vulnerabilities across whole of health system
Every NHS trust assessed for cyber security vulnerabilities has failed to meet the standard required, civil servants have said for the first time. In a parliamentary hearing on the WannaCry attack which disrupted parts of the NHS last year, Department of Health (DoH) officials said all 200 trusts had failed, despite increases in security provision.
The National Audit Office (NAO) made clear that NHS trusts had failed to act on critical alerts and warnings in 2014 to patch and upgrade older software. The WannaCry attack prompted Microsoft to release new security updates for older versions of Windows such as XP. The NHS was criticised during the fallout after WannaCry for the widespread use of outdated software such as Windows Vista.
Cyber Essentials certification will protect your organisation from 80% of common cyber threats. It is also a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.