Site navigation

NHS ‘Urgently’ Needs to Invest in Cyber Resilience Measures

Sinead Donnelly


contact tracing

Action must be taken to address the NHS’s out-dated computer systems, lack of investment and a lack of cybersecurity skills and awareness, researchers have warned.

The NHS remains vulnerable to cyber-attacks and must take “urgent steps” to protect itself, according to a whitepaper by Imperial College.

The paper was presented to the House of Lords this week and suggests that the combination of out-dated computer systems, lack of investment and a lack of cybersecurity “skills and awareness” are leaving hospitals at risk.

Written by researchers from Imperial College London’s Institute of Global Health and Innovation led by Professor the Lord Ara Darzi, the report collected evidence from NHS organisations, and examples of previous attacks in the UK and across the globe. The report emphasises that more investment is urgently needed.

According to the research, there are various key measures the NHS trusts can implement to increase cyber resilience. These initiatives include “employing cybersecurity professionals in their IT teams, building ‘fire-breaks’ into their systems to allow certain segments to become isolated if infected with a computer virus, and having clear communication systems so staff know where to get help and advice on cybersecurity”.

The report also refers to a number of new technologies being used in the health system, such as robotics, artificial intelligence and implantable medical devices and personalised medicines based on a person’s genes. It emphasises that scientists must build security into the design of these technologies.

Commenting on the cyber-security risks, Lord Darzi, co-director of the Institute of Global Health Innovation, said: “We’re in the midst of a technological revolution that is transforming the way we deliver and receive care.

“But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel.

“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber-attacks.”

In recent years, cyber-attacks on the healthcare systems have been rapidly increasing. The global WannaCry attack in 2017, which took out 34 NHS trusts in the UK, cost the Department of Health and Social Care around £92 million. Consequently, thousands of appointments were cancelled and some patients were diverted to other hospitals. The authors of the new report warn that the number and sophistication of attacks is rising.


Dr Saira Ghafur, lead author of the report from the IGHI, explained: “Since the WannaCry attack in 2017, awareness of cyber-attack risk has significantly increased. However we still need further initiatives and awareness, and improved cybersecurity ‘hygiene’ to counteract the clear and present danger these incidents represent.

“The effects of these attacks can be far-reaching – from doctors being unable to access patients test results or scans, as we saw in WannaCry, to hackers gaining access to personal information, or even tampering with a person’s medical record.”

In October 2018, the Department of Health and Social Care announced a spend of £150 million over the next three years to protect key services from the threat of cyber attacks.

The department also recently announced the creation of a new unit called NHSX that will oversee digital transformation. It is hoped that this organisation will help streamline cybersecurity accountabilities.

sinead photo

Sinead Donnelly


Latest News

%d bloggers like this: