There were no surprises as WannaCry dominated cyber security talks at EHI Live this week, with NHS Digital and NHS England both raising their hands in admitting that more needs to be done in establishing a better communication process to prevent and respond to cyber-attacks.
During his cyber security session talk at the Birmingham event, NHS England’s head of architecture Inderjit Singh said the organisation is working with NHS Digital and NHS Improvement on improving some of the network monitoring and national services, to help organisations understand where there are threats and vulnerabilities.
He said there has been discussions around having local ‘cyber leads’ and creating ‘cyber champions’ across the service as “go-to” people for when an attack occurs.
“We are now moving to a place where we require every organisation to sign up to CareCERT alerts too, so they proactively respond to say “yes, I received the alert” and action it.”
He said it is to understand the type of threats that are out there and how to best communicate it back down locally.
“We need to ensure that organisations, boards and their staff are taking the cyber threat seriously, understand the direct risks to frontline services and work pro-actively to maximise their resilience and minimise impacts on patient care.”
Singh emphasised that the key lesson about WannaCry is moving the discussion from it being a technical issue to one of business continuity – – agreeing with NHS Digital’s deputy chief executive Rob Shaw that it is about a collaborative approach to address issues such as communication.
“This was a known vulnerability; it was something that we could have acted upon, so there really is a strong call out about how we can collectively work together to be on the front foot around cyber threats and improving cyber resilience”, Singh said. “It’s not a matter of if, but when it occurs.”
With NHS Digital not issuing its first initial communication on the subject until about four hours after receiving reports about the attack, Shaw, said: “That’s way too long.”
“We know we need to get better communications, not just us, but as a system – NHS England, NHS Improvement and the Department.”
“We need to be able to provide you with those tools to make informed decisions.”
For Singh, he said communication is one of the most fundamental bits of cyber security.
“Communication was a clear feedback – how do we at a local, national and regional level come together with effective communication channels.”
He said discussions need to be a board level agenda item.
“In order for us to really stand out in the cyber agenda at board level, this has got to be a collective set of conversations – there is a role for every organisation. As NHS England, there is a clear role around establishing that board level leadership and recognition.”
Singh spoke about enforcing the National Data Guardian’s 10 data security standards and how the Care Quality Commission and NHS Improvement will ensure every organisation implements it. “It is important we collectively have those conversations around the data guardian standards.”
The other key activities NHS England will enforce include establishing a clear contractual and regulatory framework, building local performance and boosting capability and improving threat surveillance and incident responses.
“This is something that is here to stay – this is about readiness”, Singh said.
6 November 2017 @ 12:51
Prior to moving to NHSmail we were pulling 2000+ spam and virus-bearing emails out of the incoming stream every day – this was AFTER they’d been filtered by the NHS.net email gateway. It’s no surprise that moving to NHSmail will see an increase in spam emails – their filters have to be tuned for the lowest common denominator, and can’t be tailored to organisational need.
6 November 2017 @ 16:20
hate to say this but i also feel its got worse since nhsmail2.. but it may be its more under attack.. and my email is out there more.
4 November 2017 @ 11:18
Neil, you might want to check where your NHS.net email has been included in Data breaches of various organisations, which you can do here: https://haveibeenpwned.com/ This is a legitimate service and can give you some idea of the scale of nhs.net emails that are in various Online databases which are used to generate SPAM/Phishing emails. I too am amazed at the amount of Phishing/scam emails and how it has increased dramatically, in my view, post the deployment of NHSMail2. From research I have done, there are at least a third of the total of NHSmail accounts, included in various Online databases.
6 November 2017 @ 16:19
thanks.. im on 6 dbs!
3 November 2017 @ 16:24
Fascinatingly our local CSU updated our antivirus last week. We were heavily hit by Wannacry. In the week its found 74 threats – including multiple Artemis Trojans. believe me im not clicking on links or opening attachments – im on a shared machine. but we appear to be under attack – ive never seen so many scam emails