A lack of accountability and investment in cyber-security has been blamed for the recent WannaCrypt virus that hobbled multiple hospital NHS IT systems last month in England, a report by The Chartered Institute for IT concludes.
The report, published today, comes following a similar, but more limited attack against UK-based companies as the result of the spread of the NotPetya ransomware earlier this week.
Whilst doing their best with the limited resources available, the Chartered Institute for IT report suggests some hospital IT teams lacked access to “trained, registered and accountable cyber-security professionals with the power to assure hospital Boards that computer systems were fit for purpose”.
The healthcare sector has struggled to keep pace with cyber-security best practice thanks in large part to a systemic lack of investment. The WannaCrypt attack was an accident waiting to happen, according to David Evans, director of community & policy at The Chartered Institute for IT.
“Unfortunately, without the necessary IT professionals, proper investment and training the damage caused by the WannaCrypt ransomware virus was an inevitability, but with the roadmap we are releasing today, will make it less likely that such an attack will have the same impact in the future,” Evans said.