Public Services > Central Government

NHS bodies warned to beware of Monday morning impact of cyber attack

David Bicknell Published 14 May 2017

Europol director fears more disruption as IT systems across the NHS are switched on at the start of a new week, including GP surgeries


The IT security crisis in some parts of the National Health Service (NHS) created by last Friday’s cyber attack that affected computers worldwide is being predicted to continue tomorrow with warnings of disruption as NHS organisations switch on their systems first thing on Monday morning.

The strongest warning came from the director of Europol, which assists EU member states in fighting crime and terrorism.

Rob Wainwright warned that the numbers of organisations affected worldwide was going up. He said, “I am worried about how the numbers will continue to grow when people go to work and turn their machines on on Monday morning. “

Most of England’s GP surgeries were closed to the public all weekend following the attack, though it is likely that many were actually working over the weekend to check their systems. One GP contacted on Saturday by Government Computing was already monitoring developments as the crisis spread.

It was reported that surgeries were sent a bulletin on Sunday advising them what to do if they discover their computers have been hacked and how to get support from NHS Digital and the National Cyber Security Centre (NCSC), which is handling the response.

There is understood to have been contact between several organisations as the crisis spread. As well as close collaboration between the NCSC and NHS Digital, it is understood the Information Commissioner’s Office (ICO) has already been discussing future ways forward with information governance in mind, particularly in relation to the safety of personal clinical data.

The Prime Minister has insisted that patient data has not been compromised by the attack, though it may be too early to prove that is the case. Theresa May said, “We are not aware of any evidence that patient data has been compromised.”

An ICO spokesperson highlighted the organisation’s role in policing information governance within the NHS, directly in relation to the safety of personal data being held on IT systems. He also pointed to organisations’ responsibilities under the Data Protection Act, notably the responsibility of the holder of personal information to ensure its systems are up to date, including any necessary security patching and updating of systems.

The Seventh Principle of the Act specifically says, “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

It goes on, “Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to:

(a ) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage as are mentioned in the seventh principle, and

(b) the nature of the data to be protected.

The ICO spokesperson said the organisation does regular spot audits on organisations holding personal data, including NHS trusts, and potentially including some who may have been caught up in the cyber attacks.

Asked about the need for an “IT Ofsted” to provide mandatory oversight of information governance, NHS Digital specifically pinpointed the role of the ICO in being the regulatory body for information governance.

In a statement on Saturday summing up the then latest situation, NHS Digital said, “We are continuing to work around the clock to support NHS organisations that have reported any issue due to yesterday's cyber-attack. We have received no reports of patient data being compromised.

“We are not publishing a list of those we are assisting at this stage; given the situation is changing and impacting organisations in a range of different ways. For instance we are aware some bodies, which range from practices to trusts, may have suspended selected systems purely as a precautionary measure.

“We are aware of widespread speculation about the use of Microsoft Windows XP by NHS organisations, who commission IT systems locally depending on population need.

“While the vast majority are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7 per cent, with this figure continuing to decrease.”

Highlighting the role NHS Digital was playing, a spokesperson pointed to its delivery of a range of data security services that support NHS organisations to take appropriate cyber security measures and help them to respond effectively and safely to cyber security threats. These include:

  • broadcasting information to NHS organisations about known cyber security threats and appropriate steps to take to minimise risks
  • protective real time monitoring of national NHS IT services and systems, which have all been designed to have strong security measures
  • undertaking free cyber security testing for NHS organisations and giving them bespoke advice about appropriate steps they can take, and
  • training for health and care staff designed to ensure frontline workers are aware of their own responsibility towards ensuring cyber security in their organisations

The cyber crisis prompted an outpouring of comment from security companies eager to add their voices to the discussion.

One active on Saturday was Elliptic, which pointed out where ransom-ware Bitcoin payments prompted by the cyber attacks were going. It also created a four-step plan for ransom-ware readiness and response, including assessing the risk; obtaining the bitcoins; making the payment; and identifying the attacker.

The problems caused by the cyber attack also became a General Election issue over the weekend, with Labour and the Liberal Democrats blaming the crisis on the government’s failure to upgrade hospital systems.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.