NHS delays annual cyber security checks due to coronavirus chaos

NHS left vulnerable to hackers as its annual cyber security checks on systems across hospitals are delayed due to coronavirus chaos

  • Digital transformation group NHSX announced the six month delay in checks
  • Each NHS Trust and group has to return the annual cyber security checklists
  • They are designed to ensure systems are not being left vulnerable to attack 
  • The delay is to allow managers and professionals time to focus on coronavirus 
  • Coronavirus symptoms: what are they and should you see a doctor?

The NHS is vulnerable to hackers after new security checks on systems across the health service were delayed while managers deal with the coronavirus pandemic. 

Security checks will be delayed for six months when it is hoped the number of coronavirus patients will have passed a peak.

The cyber security resilience checks happen every year and are designed to protect the NHS from attack by assessing potential risks. 

The health service digital transformation body NHSX gave the reprieve to allow healthcare workers and managers to focus on COVID-19 response plans.  

Scroll down for video 

Hackers are using the current coronavirus pandemic to target vulnerable people and are disguising themselves as health care workers and organisations. Stock image

NHS trusts and related organisations are supposed to submit a data security and protection toolkit every year to ensure their systems and databases are hack-proof. 

The delay comes as the NHS acknowledged a rise in the number of people using COVID-19 as a way to steal information and hack into systems. 

The toolkits were due to be completed and sent to NHSX by the end of March but they won’t have to do this until September now and it could be reviewed again.

 NHSX said in a briefing it was ”critically important’ that the health service and social care organisations remain ‘resilient to cyber attacks’ during the outbreak. 

The digital organisation says that if groups complete their checklists early they are able to send them off and they will be awarded a ‘standards met’ status.

NHS Digital chief executive Sarah Wilkinson said there were no particular concerns about any pandemic linked cyber threat to the NHS. 

NHSX told health and care organisations it was vital they remain vigilant during the pandemic and watched for any potential threats. 

NHS trusts and related organisations are supposed to submit a data security and protection toolkit every year to ensure their systems and databases are hack-proof

“Whilst the DSPT submission deadline is being relaxed to account for COVID-19, the cyber security risk remains high,’ the organisation said.

‘All organisations must continue to maintain their patching regimes.’

The threat facing the NHS and health organisations is particularly intense during this potentially long-lasting coronavirus pandemic. 

Any attacks launched against Trusts over the next few months could lead to significant patient harm, warn cyber security experts. 

Hackers are already posing as healthcare agencies including the World Health Organisation and the Centre for Disease Control to launch phishing attempts. 


In May 2017, a massive ransomware virus attack spread to the computer systems of hundreds of private companies and public organisations across the globe.

The software locked computers and asked for a digital ransom before control is safely returned.

In just a few hours, the malware had already infected victims in at least 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines – and was estimated to be spreading at a rate of five million emails per hour.

Hospitals and doctors’ surgeries in England were forced to turn away patients and cancel appointments after the attack crippled the NHS. 

The WannaCry virus targeted Microsoft’s widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

The hackers asked for payments of around £230 ($300) in Bitcoin.

When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

Source: Read Full Article