Following a massive ransomware attack on Friday, Health Secretary Jeremy Hunt has issued orders to the NHS to upgrade all outdated systems within ten months.
NHS hospitals have frequently been victimised by malware attacks due to lack of cyber-security education and presence of outdated systems.
The fact that NHS institutions were the worst victims of the WannaCry ransomware attack on Friday didn't come as a surprise to many security experts. NHS hospitals and trusts have been known to be victimised by hackers in the recent past mainly due to 'widespread' use of unsupported Windows XP operating system. In 2015, nearly half of NHS trusts in England were hit by ransomware, according to data obtained by NCC Group via a freedom of information request.
WannaCry ransomware impact on NHS servers may escalate this week
However, Hunt says that major progress has been made so far and that he aims to eliminate use of Windows XP in NHS institutions by the end of March next year.
“Just 18 months ago nearly 20 per cent of our NHS devices were running on XP – that’s been reduced to 4.7 per cent, so real effort has been made,” he said on Monday, three full days after the cyber-attack and accusations on him 'hiding from the public.'
“According to our latest intelligence, we have not seen a second wave of attacks. And the level of criminal activity is at the lower end of the range that we had anticipated and so I think that is encouraging,” he added. According to the BBC, a total of 11 NHS trusts are still facing problems following the ransomware attacks on Friday.
NHS: ‘Widespread’ use of unsupported Windows XP ‘putting data at risk’
“Whilst many authorities now only use a small number of devices that run Windows XP, the transition to a newer operating system needs to happen as a matter of urgency," said Citrix director of sales for the UK and Ireland Jon Cook.
“With the health sector accounting for the most data security breaches across all public sector departments, it is critical that up-to-date and secure software is in place to safeguard patient data against cyber attackers,” he added.
Security researchers had previously warned that the impact of WannaCry ransomware could escalate this week following re-opening of hospitals after the weekend.
NHS, cybersecurity and GDPR: A look at the state of affairs in the health sector
"On Monday morning at the start of the new working week it's likely that successful attacks from Friday that haven't yet become apparent will become apparent. And also existing known infections can spread, we can't say what scale the new cases will occur at but it's likely there will be some," said Ciaran Martin, chief executive of the National Cyber Security Centre to the Press Association.
According to a report from Business Reporter, “approximately 70 per cent of (NHS) Trusts said they had limited training programmes if any in place to safeguard organisational information, including patient records, for staff using personal devices.
"Another factor is that NHS trusts (and the NHS itself) are complex organisations that involves many disparate entities that communicate using different (or absent) security protocols – which gives hackers plenty of opportunity," the report added.