Cybersecurity and the NHS

Authored by Claire Small
Posted Monday, February 25, 2019 - 7:42am

On average, NHS England helps over one million patients every 36 hours. Like the majority of organisations, it stores most of its data on computers. This is largely sensitive information.

For this reason, cybersecurity is imperative – for service users and providers. Hacks can be highly damaging. The so-called WannaCry incident, which occurred in May 2017, demonstrated this. 

Hackers managed to shut down computers across the world, demanding high ransom payments. The global attack affected a third of NHS England hospitals and eight per cent of GP practices. 

Almost two years later, we explore how the NHS has improved the safety of Electronic Health Records (EHR).

Lessons Learned 

Eight months after WannaCry, the DHSC (Department of Health and Social Care), NHS England and NHS Improvement published 22 “lessons learned” from the event. 

Written for the general public, the document offers a full review of the attack, its impact on NHS services, and how its directors and the government have responded to it. It states that, as of February 2018, specialists had already made progress in increasing the resilience of NHS-owned data software. 

In addition, the report promises to provide national, regional and local incident handling plans to all hospitals, practices and trusts in England. The file has been designed to help NHS professionals prepare effectively for any kind of security breach in future. 

It details how NHS England plans to enhance its data system over the coming years. 

Technology Updates 

The high costs incurred by WannaCry show that cyber-attacks don’t just threaten safety – they can also massively reduce funds. This has further incentivised the NHS and government to invest in better cyber-protection technology. 

To achieve this target, the government has continued to put money into software security and infrastructure for the NHS. As of 2018, the health department announced that £150m will be spent across three years on this initiative. 

Similarly, the NHS has joined a deal to upgrade its computer systems to Microsoft Windows 10. This may be in response to heavy suggestions that its 17-year-old operating technology had left it more vulnerable to hacking. 

Technology investments made by both parties could significantly reduce the likelihood of an attack in future. 


WannaCry has highlighted the importance of data protection. General Data Protection Regulation (GDPR) can help to strengthen client security across industries. The law, which came into force throughout Europe on May 25, 2018, was created to modernise information regulations. 

The NHS requires a system that can store, update, and secure huge amounts of complex and vital information. GDPR could provide a solution. 

It has not only been designed to eliminate the issue of cyber invasion. It also helps firms to identify trustworthy software – and this enables the organisation to maximise its cyber safety.

Cybersecurity is paramount for any service. For the NHS, it is imperative. This institution deals with massive stores of highly sensitive information. Moving forward, it looks set to guarantee ultimate data safety for its staff and patients. 
