The federal government and NHS our bodies have been criticised by MPs for failing to implement measures to enhance cyber-security almost a yr after a serious ransomware assault on the service.
Twenty-two suggestions have been made after the WannaCry assault led to just about 20,000 cancelled hospital appointments.
The Public Accounts Committee mentioned it was “alarming” these measures had nonetheless not been launched.
The federal government mentioned cyber-security within the NHS had improved because the assault.
- NHS trusts ‘at fault’ over cyber-attack
- NHS companies hit by cyber-attack
The PAC report discovered the Division of Well being and Social Care (DHSC) and NHS our bodies had been “unprepared” for the worldwide WannaCry assault, which occurred in Could and affected greater than 200,000 computer systems in a minimum of 100 international locations.
A complete of 80 of 236 NHS trusts throughout England suffered disruption, in addition to one other 603 NHS organisations, together with 595 GP practices.
MPs mentioned the assault may have been “a lot worse” and the NHS had been “fortunate” the risk had been tackled shortly.
However they warned future assaults may very well be extra refined and malicious, “ensuing within the theft or compromise of affected person knowledge”.
In February, the DHSC, NHS England and NHS Enchancment revealed a set of 22 “classes realized” suggestions following the cyber-attack.
However months later the DHSC nonetheless didn’t know what the proposals would value or once they could be applied, the committee mentioned.
Meg Hillier, who chairs the PAC, mentioned: “The intensive disruption attributable to WannaCry laid naked severe vulnerabilities within the cyber-security and response plans of the NHS.
“However the influence on sufferers and the service extra usually may have been far worse. And authorities should waste no time in getting ready for future cyber-attacks – one thing it admits at the moment are a truth of life.
“It’s due to this fact alarming that, almost a yr on from WannaCry, plans to implement the teachings realized are nonetheless to be agreed.”
The report mentioned cyber-attacks have been “weapons” that wanted to be handled as a “severe, essential risk”.
It mentioned the usage of a nerve agent to poison former spy Sergei Skripal and his daughter Yulia in Salisbury had “heightened issues concerning the UK’s capability to answer worldwide threats, and hammers dwelling the dangers from these hostile to the UK”.
The report mentioned: “A cyber-attack is a weapon which might have a huge effect on security and safety.
“It must be handled as a severe, essential risk.
“The remainder of authorities may additionally be taught essential classes from WannaCry.”
Amongst different suggestions, the committee known as on the DHSC and NHS our bodies to urgently agree on and implement cyber-security plans and supply an replace on their progress to the committee in June.
A Division of Well being and Social Care spokesman mentioned: “Each a part of the NHS have to be clear that it has realized the teachings of Wannacry.
“The well being service has improved its cyber-security because the assault, however there may be extra work to do to guard knowledge and affected person care.
“We’ve got supported that work by investing over £60m to handle key cyber-security weaknesses – and plan to spend an extra £150m over the following two years to enhance resilience, together with organising a brand new Nationwide Safe Operations Centre to spice up our capability to forestall, detect and reply to incidents.”
A earlier report by the Nationwide Audit Workplace discovered NHS trusts had been left susceptible in the course of the assault as a result of cyber-security suggestions had not been adopted.