Ministers are today urged to “get a grip” on the cyber threat facing Britain as MPs publish their damning verdict on a crippling web attack launched by North Korea.
Only the timing of last year’s massive WannaCry assault prevented much greater disruption across the “ill-prepared” NHS, which was forced to cancel 20,000 operations, according to the Public Accounts Committee
Chairwoman Meg Hillier said: “This case serves as a warning to the whole of Government: a foretaste of the devastation that could be wrought by a more malicious and sophisticated attack.
“When it comes, the UK must be ready.”
Culture Secretary Matt Hancock today insisted the NHS had improved its systems since the attack. But he admitted: “There’s clearly more to do domestically.”
Russia is hacking tens of thousands of British home computers to pave the way for a crippling cyber attack
Russian forces lined up along NATO’s border for ‘assault’ operations
Today’s 21-page report comes a day after UK and US security chiefs issued an unprecedented alert over Russian “malicious cyber activity”.
Spooks revealed that tens of thousands of British families’ computers had been targeted over the past year.
The PAC says that “while the NHS needs to recognise cyber security is essential for patient safety, there are also lessons from WannaCry for the whole of government”.
Outlining how the May 2017 attack could have been worse, the study says: “WannaCry could have had a more serious impact on the NHS if it had not happened in the summer, or on a Friday, or if the kill switch not been discovered so soon by a cyber-security researcher.
“While WannaCry was a relatively unsophisticated and financially motivated attack, future attacks could be more sophisticated and malicious in intent, and involve the theft or compromise of patient data.”
NHS chiefs have admitted that “cyber-attacks are now a fact of life and that the NHS will never be completely safe from them”, MPs say.
But the huge hack should serve a s a warning across Whitehall, the committee stresses.
“The whole of government is at risk of a cyber-attack and, while the Department and NHS bodies are learning lessons from WannaCry, the whole of government must also learn lessons from the cyber-attack,” says its report.
It recommends ministers develop “a full understanding of the cyber security arrangements and IT estate of all local NHS organisations”.
Ms Hillier added: “Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS.
“Cyber security investment cannot be properly targeted unless this information is collected and understood.
“There is much important work to do and we urge the Department (of Health and Social Care) to provide us with an update by the end of June.”
Meanwhile, Theresa May today announces Britain will pump £15million into boosting cyber security in Commonwealth countries over the next three years.
The Prime Minister, who holds an intelligence partners meeting with her counterparts from Australia, New Zealand and Canada later, revealed a Commonwealth summit declaration will commit nations to raising national levels of online security.
She said: “The future is at the heart of the Commonwealth events being held this week and with that, we must look towards the emerging challenges that we and our Commonwealth partners face.
“Cyber security affects us all, as online crime does not respect international borders.
“I have called on Commonwealth leaders to take action and to work collectively to tackle this threat.
“Our package of funding will enable members to review their cyber security capability, and deliver the stability and resilience that we all need to stay safe online and grow our digital economies.”