Two recent cyber attacks that cost the NHS millions of pounds and led to patients’ data being published online could have been mitigated with basic security measures, an integrated care board has found.
Wirral University Teaching Hospitals Foundation Trust was hit by a “targeted” cyber attack in November, which lasted about nine days, then three other trusts in Merseyside were hit in early December in an unconnected incident.
WUTH was forced to take its Cerner electronic patient record system offline, while some activity was either cancelled or rescheduled, which the trust has confirmed amounted to a loss of around £3m. A report to its board said its cancer performance “will take months to recover”.
In an update to ICB executives, chief digital information officer John Llewellyn said: “The incidents above may have been mitigated if core cyber security standards had been adhered to… There are still significant gaps in compliance with basic security standards in multiple organisations which, in turn, lead to vulnerabilities for all organisations because of the interconnected/cross organisational patient flows, clinical services (such as pathology and imaging) and supporting digital infrastructure and clinical systems.
“These are just examples, however, and there are many other technical aspects to cyber risk that need to be shared, understood and proactively managed in order to manage and mitigate these as effectively as possible.”
Read full story (paywalled)
Source: HSJ, 6 February 2025
0 Comments
Recommended Comments
There are no comments to display.
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now