‘Outdated’ IT system leaves NHS at risk of further cyberattacks

The chief executive and founder of the National Cyber ​​Security Centre has warned that parts of the NHS IT system are “outdated” and vulnerable to further cyber attacks.

In June, more than 6,000 appointments and procedures at major London hospitals were postponed due to a cyberattack.

Professor Ciaran Martin said he was “horrified but not entirely surprised” by the ransomware attack.

In an interview with the BBC, he said: “Ransomware attacks on the healthcare sector are a serious problem worldwide.

“It is very clear in some areas of the NHS that some of the IT is out of date.”

Professor Martin, who is now at the University of Oxford, said outdated IT systems, identifying vulnerabilities and basic security practices were key issues facing the NHS.

NHS England has confirmed that data stolen in a ransomware attack on pathology provider Synnovis on 3 June has been published online.

According to the BBC, Russian cyber gang Qilin has released almost 400GB of data on its darknet site and Telegram channel, including patient names, dates of birth, NHS numbers and blood test descriptions.

However, NHS England said there was “no evidence” cybercriminals had released the entire database, but it could be “several weeks” before we know which people were affected by the attack.

Last week, NHS England said 4,913 outpatient appointments and 1,391 planned procedures were postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

NHS leaders said the attack at the two worst-hit hospitals delayed 1,517 urgent outpatient appointments and 136 planned procedures between June 24 and 30.

Emergency and recovery services continued to operate as usual.