Health trusts vow they are constantly ‘vigilant’ over cyber attack threat

Have your say

HEALTH trusts across the area have said they are ‘constantly vigilant’ to the threat of cyber attack.

It comes after the House of Commons’ public accounts committee found the Department of Health and the NHS as a whole have ‘a lot of work to do to improve cyber-security for when, and not if, there is another attack’.

Health trusts across the area have said they are 'constantly vigilant' to the threat of cyber attack

Health trusts across the area have said they are 'constantly vigilant' to the threat of cyber attack

But Portsmouth Hospitals NHS Trust, which runs Queen Alexandra Hospital in Cosham, Southern Health and Solent NHS Trust all say they are protecting their IT.

The PAC report comes after the WannaCry ransomware attack on the NHS last year, with dozens of health trusts affected by the attack.

The committee said 200 trusts had failed an assessment by NHS Digital focussing on to testing cyber security and identifying vulnerabilities.

As reported, 12 machines at Solent NHS Trust were infected by the bug did not spread and a patch was in place.

A spokeswoman for Portsmouth NHS Hospitals Trust said its ‘cyber defences were sufficient to ensure it was not directly affected by the WannaCry attack in May’.

She added: ‘However, cyber attacks constantly evolve and the Trust recognises it must continuously improve its cyber security measures to keep safe the data its services to patients rely upon.

The Trust constantly monitors the alerts issued by NHS Digital regarding potential cyber threats and vulnerabilities and takes action to combat those that may affect Trust services.’

The spokeswoman said the trust operates within the National Cyber Security Centre’s 10 steps framework.

She added: ‘The trust maintains a programme of independently approved security penetration testing, which provides an assurance framework and programme for improvement.

‘The trust also has plans in place to achieve Cyber Essentials Plus accreditation, as recommended by NHS Digital.’

The committee’s report said the department had not ‘estimated the financial impact of WannaCry’, meaning trusts could not target investment.

The report added: ‘Not all local bodies have the means to update and protect systems without disrupting the ongoing delivery of patient care.’

However, Southern Health NHS Foundation Trust said it had recently won £600,000 funding from NHS Digital.

Edward Purcell, IT Security Specialist at the trust, said: ‘We take cyber security and the safety of our patients’ data very seriously and Southern Health systems were not affected by the WannaCry attack.

‘However we remain constantly vigilant.’

A Solent NHS spokesman said its IT team acts on ‘all security alerts sent through NHS Digital’, and added: ‘We also test and apply patches and anti-virus updates at regular intervals in compliance with NHS Digital and Microsoft’s recommendations to ensure maximum protection.’