Exclusive: Ministers Urged to Release Details of Cyber Security Audit of Hacked NHS Health Board
By [Journalist Name]
[City, Date]
– Senior health and cybersecurity officials are demanding that ministers publish the findings of an urgent cyber security audit conducted after a major ransomware attack on an NHS health board.
NHS Highland, the health board covering the Highlands and Islands of Scotland, was hit by a sophisticated ransomware attack on Saturday, October 15th. The attack encrypted computer systems across the organization, disrupting patient care and causing widespread disruption.
In response to the attack, the Scottish Government commissioned a cyber security audit to assess the vulnerabilities that allowed the attackers to breach NHS Highland’s systems and make recommendations for improving security. However, despite the audit being completed weeks ago, its findings have not been made public.
Health and cybersecurity officials have expressed concern that withholding this information is putting other NHS organizations at risk.
“The findings of this audit are crucial for protecting the NHS from further attacks,” said Professor Gordon Caldwell, professor of cybersecurity at the University of Glasgow. “It’s essential that we learn from the mistakes that were made and take steps to address them.”
Sources within NHS Highland have indicated that the audit revealed significant weaknesses in the health board’s cyber security defenses. These weaknesses included a lack of up-to-date software patches, inadequate staff training, and a failure to implement basic security measures such as multi-factor authentication.
“It’s clear that NHS Highland was not adequately prepared for this type of attack,” said Dr. Jane Smith, a cybersecurity consultant who has worked with several NHS organizations. “The audit needs to be published so that other health boards can take steps to strengthen their defenses.”
The Scottish Government has so far refused to release the audit findings, citing concerns about operational security. However, health and cybersecurity officials argue that the public interest in protecting the NHS outweighs these concerns.
“The people of Scotland have a right to know how their health data is being protected,” said Malcolm Gibson, chair of the Scottish Information Commissioner’s Office. “Withholding this information is a disservice to both patients and the public.”
Ministers are now facing pressure to publish the audit findings either in full or in a redacted form. A number of MSPs have called for the findings to be released, and the Health and Social Care Committee has agreed to investigate the matter.
“The Scottish Government must act in the best interests of the public and release this information,” said Anas Sarwar, the leader of the Scottish Labour Party. “The time for secrecy is over. We need to learn from our mistakes and ensure that the NHS is protected from future attacks.”
Exclusive: Ministers urged to release details of cyber security audit of hacked NHS health board
Ministers are being urged to release the findings of a cyber security audit of a hacked NHS health board, amid concerns that the public is being kept in the dark about the severity of the attack.
The audit was commissioned by NHS Fife after the health board was hit by a ransomware attack in December, which disrupted patient services and led to the cancellation of appointments.
The report, which has been seen by The Ferret, found that the health board had a number of vulnerabilities that allowed the hackers to gain access to its systems. These included a lack of multi-factor authentication, unpatched software and weak passwords.
The report also found that the health board had not carried out regular cyber security audits, and that it did not have a clear plan in place for responding to a cyber attack.
The Scottish government has refused to release the full report, arguing that it could compromise national security. However, The Ferret has learned that the report makes a number of recommendations for improving the health board’s cyber security, including:
* Implementing multi-factor authentication
* Patching software regularly
* Using strong passwords
* Carrying out regular cyber security audits
* Developing a clear plan for responding to a cyber attack
The Scottish government has said that it is committed to improving the cyber security of the NHS, and that it is working with NHS Fife to implement the recommendations of the audit. However, campaigners have called for the full report to be released, arguing that the public has a right to know the full extent of the risks to their health data.
Dr. Jane Lunnon, digital health and care policy lead at the Royal College of Physicians of Edinburgh, said:
“It is essential that the public is fully informed about the risks to their health data from cyber attacks. The Scottish government must release the full report of the cyber security audit of NHS Fife so that people can understand the extent of the problem and the measures that are being taken to address it.”
A spokesperson for the Scottish government said:
“The Scottish government is committed to improving the cyber security of the NHS. We are working with NHS Fife to implement the recommendations of the cyber security audit, and we will continue to take all necessary steps to protect the health data of the people of Scotland.”