CS Sep-Oct 2021
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
health check<br />
8AM AND I.T. IS IN FOR A VERY TOUGH DAY!<br />
STARK LESSON UNFOLDS IN THE CYBER SECURITY DANGERS THAT ARE LURKING 'OUT THERE'<br />
Cheshire and Merseyside Health and<br />
Care Partnership wanted to find out<br />
how well it would stand up to a<br />
cyber-attack. So, it asked Gemserv Health<br />
to put together a scenario-based response<br />
exercise that started with some seriously<br />
bad news - but uncovered a lot of useful<br />
information.<br />
It's 8am and it was a nice day until you<br />
turned on the radio. The news has just<br />
started and the lead story is that a video<br />
has been released showing a group of<br />
NHS leaders making worrying remarks<br />
about a Covid-19 vaccine.<br />
They seem to be suggesting that safety<br />
issues are being covered up and the share<br />
price of the vaccine maker has crashed<br />
10% overnight. The phone starts ringing.<br />
It's a press officer wanting to know what<br />
IT is going to do about this leak, or fake,<br />
or whatever it is.<br />
CYBER-ATTACKS SPREAD, FAST<br />
This is the scenario that greeted 22 heads<br />
of IT in Cheshire and Merseyside in spring<br />
<strong>2021</strong>. It was constructed by Gemserv<br />
Health, with input from Cheshire and<br />
Merseyside Health and Care Partnership,<br />
to find out how the integrated care system<br />
(I<strong>CS</strong>) would respond to a cyber security<br />
incident.<br />
Paul Charnley, digital lead for the I<strong>CS</strong>,<br />
explains that the commissioners, councils,<br />
hospitals and other providers in the area<br />
have their own policies and procedures<br />
in place. But the I<strong>CS</strong> didn't have an<br />
overarching response that was tested<br />
and ready to use.<br />
that requires every organisation to plan<br />
for and rehearse its response to a cyberattack,<br />
but one of the things that we<br />
learned from WannaCry is that a cyberincident<br />
can impact a large geography<br />
very quickly," he says. "We need to be able<br />
to coordinate.<br />
"The exercise that we ran really brought<br />
that to life. It was very salutary and very<br />
helpful, and it has given us a lot to think<br />
about. We have learned a lot since<br />
WannaCry, but we are in an arms race<br />
with the hackers and we've still got more<br />
to do."<br />
LEARNING FROM WANNACRY<br />
WannaCry was the worldwide ransomware<br />
attack launched in May 2017. It didn't<br />
target the NHS, but the National Audit<br />
Office estimated that 34% of trusts in<br />
England were impacted anyway.<br />
One reason was that the NHS employs<br />
a lot of people; with 1.3 million staff, it<br />
had a lot of malicious emails to contend<br />
with. Another was that WannaCry spread<br />
through older, unpatched Windows<br />
systems; and the NHS had a lot of those<br />
in computers and medical devices.<br />
However, a third<br />
problem<br />
was that there was no coordinated fightback.<br />
The NAO reported that the<br />
Department of Health had been working<br />
on a plan, but it hadn't been tested at a<br />
local level, so "it was not immediately clear<br />
who should lead the response and there<br />
were problems with communications."<br />
Some trusts couldn't be reached by email<br />
"because they had been infected by<br />
WannaCry or had shut down their email<br />
systems as a precaution", leaving a mix of<br />
switchboards, mobiles and WhatsApp as<br />
the only way through.<br />
ONLY AS STRONG AS WEAKEST LINK<br />
IT leads in Cheshire and Merseyside<br />
wanted to do better. "After WannaCry, we<br />
swore that we would work more closely<br />
together, under the tagline: 'we are only as<br />
strong as our weakest link'," says Charnley.<br />
The 22 heads of IT in the area agreed to<br />
standardise their policies and procedures,<br />
and to pool any funds made available by<br />
the NHS, to make the money go further.<br />
Cheshire and Merseyside HCP is now<br />
working with NHS Digital on a target<br />
cyber-security architecture and on a<br />
procurements process to deliver the<br />
strategy.<br />
"NHS Digital has a data protection toolkit<br />
16<br />
computing security <strong>Sep</strong>tember <strong>2021</strong> @<strong>CS</strong>MagAndAwards www.computingsecurity.co.uk