CS1805
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
comment<br />
COUNCIL OF WAR<br />
Every NHS trust that has been tested against cyber security standards since 2017's<br />
WannaCry attack has failed, NHS Digital has revealed, with plans now in place for<br />
surprise inspections at hospitals.<br />
Speaking at the Public Accounts Committee in Westminster, Rob Shaw, deputy CEO of<br />
NHS Digital, said that 200 NHS trusts had fallen short of the Cyber Essentials Plus certification<br />
when subjected to on-site assessments by the Care Quality Commission (CQC).<br />
Shaw appeared alongside NHS England chief executive Simon Stevens, Department of<br />
Health Permanent Secretary Sir Chris Wormold and NHS CIO Will Smart to answer MP's<br />
questions on the impact of last year's ransomware incident and what steps have been<br />
taken since.<br />
The influential Public Accounts Committee heard that a number of trusts that failed the<br />
inspection had done so because they had not carried out adequate patching on IT systems.<br />
How could this happen? After all, wasn't that a core vulnerability that was targeted<br />
by the WannaCry ransomware?<br />
In the wake of Wannacry, the immediate call that went out, far and wide, was to<br />
ensure such patching was carried out without any delay. How could this have been disregarded,<br />
when so much was at stake?<br />
Shaw said that NHS Digital was now working with the most vulnerable trusts on mitigation<br />
plans. He also stressed that measures were being put into place to address weak<br />
links in the chain. "It isn't the case that all of the trusts have done nothing around cyber<br />
security. The amount of effort it takes from NHS providers in such a complex estate to<br />
reach the Cyber Essentials Plus standard that we assess against is quite a high bar," said<br />
Shaw. "Some of the trusts have to do quite a considerable amount of work, but a number<br />
of them are already on the journey that will take them towards meeting that requirement."<br />
Really? To put it bluntly, 'stable doors' and 'horses' come to mind. What's needed now is<br />
fleet-footed action, but whose to say we won't be hearing of more than one trust that<br />
has suffered another major breach in the months ahead.<br />
Brian Wall<br />
Editor<br />
Computing Security<br />
brian.wall@btc.co.uk<br />
EDITOR: Brian Wall<br />
(brian.wall@btc.co.uk)<br />
PRODUCTION: Abby Penn<br />
(abby.penn@btc.co.uk)<br />
LAYOUT/DESIGN: Ian Collis<br />
(ian.collis@btc.co.uk)<br />
SALES:<br />
Edward O’Connor<br />
(edward.oconnor@btc.co.uk)<br />
+ 44 (0)1689 616 000<br />
Louise Hollingdale<br />
(louise.hollingdale@btc.co.uk)<br />
+ 44 (0)1689 616 000<br />
PUBLISHER: John Jageurs<br />
(john.jageurs@btc.co.uk)<br />
Published by Barrow & Thompkins<br />
Connexions Ltd (BTC)<br />
35 Station Square,<br />
Petts Wood, Kent, BR5 1LZ<br />
Tel: +44 (0)1689 616 000<br />
Fax: +44 (0)1689 82 66 22<br />
SUBSCRIPTIONS:<br />
UK: £35/year, £60/two years,<br />
£80/three years;<br />
Europe: £48/year, £85/two years,<br />
£127/three years<br />
R.O.W:£62/year, £115/two years,<br />
£168/three years<br />
Single copies can be bought for<br />
£8.50 (includes postage & packaging).<br />
Published 6 times a year.<br />
© 2018 Barrow & Thompkins<br />
Connexions Ltd. All rights reserved.<br />
No part of the magazine may be<br />
reproduced without prior consent,<br />
in writing, from the publisher.<br />
www.computingsecurity.co.uk May/June 2018 computing security<br />
@CSMagAndAwards<br />
3