What went so wrong at the NHS?

Today’s shocking report on the scale of the cyber-attack on the National Health Service has revealed the true extent of the attack and the has allegedly linked North Korea to the source of the attack. Renowned cyber security expert and CEO of Axial Systems Mike Simmonds gives some strong thought provoking insight in regards to why this attack was allowed to happen and what went so wrong at the NHS.

​Mike Simmonds, CEO Axial Systems said, “Basic security processes need to be followed and unfortunately the NHS appear to have been caught out by their lack of cyber-hygiene when it comes to building-in a robust response to a technological failure that should have been contained, like any outbreak, as close to ‘patient zero’ as practically possible.  It appears that the behaviour of keeping software and systems patched up- to-date was not followed, that preventative firewall rules were not regularly verified, and the basic user training of what to do in the event of this particular scenario, was not carried out.”

“With technology that is routinely used in caring for patients and keeping them alive, relying on bespoke customisations to provide what is needed, a simple patch or operating system upgrade, which in the business-world is at worst an inconvenience. It may be impossible to re-verify custom software on new hardware/software as perhaps it is simply not designed to run in a new environment. There may not even be capacity in an already stretched environment for money to be spent off the front line and away from patients to test and test again.

“Sadly, once a non-disruptive ‘sticking plaster’, behaviour starts to embed itself in any business. When surprises like WannaCry make an appearance, and the team that should be responsible for making sure the event in the first place was avoided, hold their hands up and admit that the ethos in the business prevents them from doing what is needed to keep the bad guys at bay.

“Operational training for all that come into contact with the technology employed as the life-blood of the business is something that should be mandatory, and should be frequently updated and repeated and tested. There must be robust and up-to-date technology which also forms part of the layers of defence that are employed to isolate the hygienically clean interior of any organisation, from the potentially virus laden exterior. Scenarios of failure need to be imagined, and enacted as if that was the new normality, to probe for areas that need extra care and attention, improved focus, or indeed, a change of technology to better the ecosystem for all concerned.  The Cyber fire-drill.

“The expense of the cure will always be more than the cost of the prevention, and budget needs to be provided to give our NHS the shot-in-the-arm that it needs in this, and many other regards.  With more than a third of the NHS trusts in the UK being affected, as well as countless doctors’ practices just by being on the N3 NHS network, basic training should be provided immediately, and technology swiftly falling in behind to prevent another breach.”

Mike Simmonds Bio: Mike is an established thought leader on cyber-security topics after already appearing in newspapers such as The Telegraph . Mike has dedicated his career to the communication and networking industry. Mike’s outstanding technical knowledge, combined with a detailed understanding of the challenges and needs of global customers, has given him a wealth of experience helping him to establish his position as an industry thought-leader on Cyber security and topics such as GDPR.
About Axial Systems

Axial Systems is one of the UK’s leading solution providers and systems integrators of network, security and services.

Our wide-ranging and innovative technology portfolio, coupled with our technical expertise, enables us to deliver high-performance and world-class network and security solutions with accompanying managed and support services.   We completely understand that for any organisation’s network, control is everything.

Axial’s Customers include blue-chip financial institutions, legal firms, wired and wireless service providers, along with public sector organisations ranging from NHS trusts, education establishments, “blue-light” emergency services and regional and central government.  For further information on Axial Systems’ portfolio of solutions, visit www.axial.co.uk.