NHS hospitals across Wales suffered a “widespread failure in computer systems”, the BBC reports. Hospital staff were unable to access the NHS’s internal portal, plunging the hospitals into “chaos”.
“I can’t do anything. I need this system for everything,” one GP said.
The National Cyber Security Centre told the BBC that the issue was not caused by a cyber attack, but was the result of technical issues.
The Welsh Government has since confirmed that all systems are now back up and running, but it warned “there may be a backlog affecting some areas”.
Angela Burns, the Welsh Assembly’s opposition health spokesperson, told the BBC that the issue was “incredibly concerning, especially in the aftermath of last year’s ransomware attack on the NHS”.
She added: “The focus must now be on supporting these centres to manage this incident swiftly so that patient data is secure and that care is not adversely affected.”
Although many will breathe a sigh of relief knowing this isn’t an attack in the vein of WannaCry, there are recurring concerns over the NHS’s business continuity management. The damage from cyber incidents is exacerbated if the affected organisation doesn’t have a disaster response plan in place. WannaCry caught NHS trusts (and many others) off guard, leading to poorly implemented recovery plans. For most organisations, poor recovery efforts will lead to financial and reputational damage, but for NHS trusts it could potentially mean fatalities.
Get the information security basics right
NHS Wales’s woes are about as close to a best-case scenario as it could have hoped for, given how unprepared it was. To avoid truly devastating breaches or regulatory action for failing to comply with data protection and cyber security laws, organisations need to get the basics right. This means knowing what your vulnerabilities are and what needs to be done to address them.
IT Governance provides comprehensive advice to help healthcare organisations stay safe and secure. Our one-stop shop provides solutions to the most common challenges organisations face:
- EU General Data Protection Regulation
- ISO 27001
- Cyber Essentials
- Information Governance Toolkit
- NIS Directive compliance
- Staff awareness
You might also be interested in our free brochure, Cyber security in healthcare.