Calls for ‘urgent action’ after leaked report on NHS cyber security failings

Labour has called on Health Secretary Jeremy Hunt to ‘wake up’ to the cyber threat against the National Health Service and take urgent action to prevent another devastating attack.

A leaked internal report from NHS Digital’s head of security operations, Chris Flynn, revealed a string of digital security failings in the beleaguered health service.

In the report, Flynn said there was a “false sense of security” among staff over cyber security and drew attention to a wide range of weak passwords, poorly protected patient data and general security failings.

The report said many NHS organisations had failed to install vital security updates that were meant to be installed four years ago at the latest.

Mr Flynn stated that many NHS trusts, GP practices and clinical commissioning groups had good security policies but that they were not being properly implemented.

Another concern is that, currently, practically all NHS organisations give any member of staff with a computer log in (even at the most junior level) access to confidential data.

The findings raise fresh fears after the crippling hack attack from the WannaCry ransom group, which led to more than 15,000 appointments being cancelled and forced many GP surgeries to close until the threat was brought under control. In response, Labour has called on Mr Hunt to make immediate assessments and tighten security across all areas of the NHS, as well as launching a full, independent inquiry into the WannaCry attack in order to avoid a rerun.

Justin Madders MP, the Shadow Health Minister, said: “This damning briefing should be a wake-up call to the Health Secretary that cyber security remains a matter of immediate urgency and must be at the heart of Government planning.

“It is frankly shocking that after the worst cyber security attack in the NHS’s history our health service still remains highly vulnerable to future threats. This is yet another example of how insufficient funding is placing patient safety at risk.

“The Government must immediately act in the interests of patient safety to ensure a similar attack on the NHS never happens again.”