You are all likely to have heard on the news about – or were affected at work by – the WannaCry cyber-attack that affected organisations across the world, including the NHS.
But what happened and what can you do to reduce the chances of it happening again?
The WannaCry cyber-attack in May affected around 150 countries and, while not directed at the NHS, affected some NHS devices. In the UK, 47 NHS organisations were affected and many GPs switched their systems off following advice from their local clinical commissioning groups (CCGs). This resulted in many patients being unable to access healthcare when they needed to, as some records and appointment systems, as well as medical equipment, were not available.
A relatively small number of organisations in the NHS were infected by the WannaCry ransomware but news of the cyber-attack had a wider impact as other trusts and CCGs closed down their systems as a precaution.
To resolve the issue, affected organisations – whether they were trusts or GP surgeries – were asked to apply a ‘patch’ and to follow advice and guidance issued by NHS Digital.
These ‘patches’ are pieces of software designed to update a computer program, or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs.
All NHS organisations had been offered the patch earlier in the year before the WannaCry cyber-attack, but many had not applied it, leaving themselves vulnerable.
While NHS organisations should have good cyber security measures in place, no system is completely impenetrable, as seen by high-profile attacks on major global companies.
Doctors, nurses and staff across the system worked incredibly hard on 12 May when the WannaCry ransomware attack first hit, and throughout the following week, to keep services running as best they could. They then worked admirably to get everything back to normal as swiftly as possible once the problems were resolved.
Across healthcare, we all need to work collaboratively and learn from the events of 12 May. One of those lessons is that better data security on everyone’s part will greatly help to make the NHS more resilient and to prepare for a future cyber-attack.
“We will continue to provide support to people across all disciplines in health and care so that they know to remain vigilant”
NHS Digital created the Data Security Centre to support staff and to ensure we keep patient data safe and secure. We will continue to provide support to people across all disciplines in healthcare so that they know to remain vigilant; how to mitigate against further cyber-attacks; and to make sure that if there is one, they know what to do and where to go for advice and support.
Data security is something every individual member of staff has responsibility for – it is not just a technology issue or just something the ICT team has responsibility for. Data security is the responsibility of everyone across health and care.
As examples to think of - you wouldn’t leave your front door unlocked, but not having a secure password on your computer or sharing login credentials is the cyber equivalent to doing just that. Nor would you leave your engine running when nipping into the bank – but again, leaving your desk without locking your screen is the cyber equivalent. It risks data being either intentionally or unintentionally accessed by people who shouldn’t be seeing it.
We are all responsible for taking the basic and sensible steps to keep digital information safe.
Here are some top tips that you can follow:
- Always use unique, strong passwords for your work accounts. Always change them immediately, and report it, if you think they may have been compromised or you notice anything else suspicious;
- Never open a link or document sent from an unknown party;
- Your computer and devices will regularly alert you to new important security updates being available. These protect you from outside attacks – don’t ignore them or put them off;
- Always lock your computer screen by pressing the ‘Ctrl’, ‘Alt’ and ‘Delete’ buttons together whenever you’re moving away from your desk – even if you’re only going to be leaving your computer unattended briefly.
Anne Cooper is chief nurse at NHS Digital