Why the NHS needs to invest in cyber security skills one year on from WannaCry

The UK government’s Department of Health and Social Care has announced a sizeable investment in cyber security for the NHS, amid the growing threat of cyber attacks. The £150 million investment comes almost one year on from the WannaCry ransomware attack, which saw hackers withhold access to thousands of patient records and resulted in the cancellation of almost 20,000 appointments. The hack affected around 80 NHS trusts and 600 NHS organisations (such as GP surgeries).

Nearly one year on, the Public Accounts Committee released their findings on the standard of cyber security in the NHS, revealing that all 200 NHS trusts had failed their cyber security assessment. The report said, “some trusts had failed the assessment solely because they had not patched their systems – the main reason the NHS had been vulnerable to WannaCry.” 

How will the NHS spend the investment?

To meet the glaring need for improvement, the government will invest £60 million up front to address key cyber security weaknesses, such as upgrading to Windows 10 and its latest security settings. Of that upfront £60 million, £21 million will be spent on upgrading firewalls and network infrastructure at major trauma centre hospitals and ambulance trusts, while £39 million will be spent on addressing infrastructure weaknesses. The full £150 million pledge is budgeted to be spent over the next three years.

While it isn’t yet 100% clear how the remainder of the investment will be spent, it has been reported that a new digital security centre will be set up where cyber security professionals will be on hand to prevent, detect and respond to potential cyber threats that could hit the NHS. 

What security professionals will the NHS need?

It’s clear the NHS will need to invest in skilled cyber security professionals to help mitigate the risk of cyber attacks. 

In order to constantly assess and identify potential weaknesses, it could turn to penetration testers and Certified Ethical Hackers (CEH), who are responsible for hacking into current systems to find their vulnerabilities.

Security systems engineers will then look to implement new security solutions or upgrade policies that might already be in place. Experienced security professionals with Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certifications are going to be extremely sought-after to help protect patient data. 

However, the shortage of skilled cyber security professionals is well documented: the anticipated shortfall of these skilled professionals is set to reach 1.8 million by 2022, so the NHS is going to have to pay competitive rates to find the skills it needs.

Investing in these cyber security specialists may be an expensive initial investment, but it’s vital for ensuring key patient data is protected and the NHS runs efficiently and effectively. 

Take a look at our latest cyber security jobs or contact our team for more cyber security careers advice.

Are you an employer looking to hire your next cyber security professional? View our cyber security employer site to find out how we can help.
