You are here:
  1. Home
  2. News
  3. Stories
  4. NHS trusts failing to meet cybersecurity standards

NHS trusts failing to meet cybersecurity standards

14 February 2018

All 200 NHS trusts assessed for cybersecurity vulnerabilities have failed to meet the standard required.

In a Commons public accounts committee hearing on last year's WannaCry attack, NHS Digital deputy chief executive Rob Shaw said that the Department of Health’s findings do not mean the trusts had failed to take any action to boost cybersecurity.

Mr Shaw said the standards set out by National Data Guardian represent a ‘high bar,’ adding that while some trusts have a ‘considerable amount’ of work to do, others are ‘on the journey’ to meet requirements.

Simon Stevens, the chief executive of NHS England, told the meeting: ‘A whole bunch of things need to change.’

‘Great British firewall’ helps block 54m cyber attacks

GCHQ’s National Cyber Security Centre (NSCS) took down more than 120,000 fake websites last year and blocked 54m malicious online attacks.

The NSCS said HM Revenue & Customs was the most faked organisation, with 16,064 sites created by nearly 2,500 attack groups.

Meanwhile, more than 746,000 fake emails purporting to be from the NHS were sent in one month last year. Public agencies including the BBC, the Crown Prosecution Service and Universities UK were also targeted by the attack groups.

According to a report released this week, NCSC says its ‘active defence programme’ has led to a 2% reduction in the volume of global phishing and malware attacks hosted in the UK since July 2016.

The report’s figures show an average of 4.5m malicious emails purporting to be sent from government or public sector bodies are blocked each month.

Dr Ian Levy, technical director for the NCSC, said: ‘You don’t need to beat cyber crime - and it would be unrealistic to think we could . . . But we do want to make it as hard as possible and that means making it as unprofitable and risky as we can for cyber criminals to act in the UK.’

Quantum leap will put secrets at risk

Dr Levy has also this week commented on the threat to security posed by a new generation of super-fast quantum computers. The US National Security Agency believes that the advent of this new technology will mean that everything sent securely online will no longer be safe.

Dr Levy says: ‘If a state has invested a huge amount in a quantum computer, the logical thing is to attack cryptosystems.’

Sign-up to our weekly cybersecurity news digest

Our weekly news digest helps to keep you up-to-date with cybersecurity news stories relevant to the legal sector


key lock
International data transfer

Learn in this one hour webinar more about data transfer, adequacy decisions, EU/US Privacy Shield

International data transfer > More