NHS trusts boost tech spending by £150m since WannaCry attack

Parliament Street think tank reveals increased spending on cyber security by NHS trusts

The WannaCry incident highlighted flaws with IT security within the health sector

NHS trusts have boosted IT spending by a collective £151.9m since the WannaCry attack brought services to a halt in May 2017.

According to official figures obtained through the Freedom of Information Act (FOI) by the Parliament Street think tank; 65 NHS trusts spent at total of £612,128,793 on IT in the 2018/19 financial year.

This compares to a total spend of £494,607,408 in the 2017/18 financial year; and £460,188,570 in the 12-month 2016/17 period directly preceding the WannaCry attack.

The worldwide ransomware attack targeted computers running the Microsoft Windows operating system, affecting at least 80 of the 236 trusts across England, and leaving the NHS with a £73m bill.

Building an NHS fit for the future means training and equipping doctors, nurses and medical professionals with the very-latest digital skills

The highest reported increase came from Leeds Teaching Hospitals NHS Trust, which disclosed a boost of almost £11m, rising from £7,723,868 in 16/17 to £18,597,000 in 18/19.

Similarly, The Royal Marsden NHS Foundation Trust reported an IT spending increase of over £10m, rising from £5,476,357 in 16/17 to £16,271,946 in 18/19.

University Hospitals of Leicester NHS Trust boosted its spending on IT by £7,934,000, rising from 11,577,000 in 16/17 to £19,511,000 FY18/19.

The Royal Free London NHS Foundation Trust saw an increase of £7.5m, up from £16,729,000 in 16/17 to £24,249,691 in 18/19.

The news comes following Prime Minister, Boris Johnson’s, announcement of a one-off £1.8billion cash boost for NHS hospitals, which will be partly used to further bolster IT security, training and equipment.

Key is ensuring existing staff have the opportunity to reskill in critical areas like big data and cyber security, as well as recruiting staff from more-diverse backgrounds

Sheila Flavell, chief operating officer at IT and business solutions specialist, FDM Group, said of the news: “Building an NHS fit for the future means training and equipping doctors, nurses and medical professionals with the very-latest digital skills.

“Key to this effort is ensuring existing staff have the opportunity to reskill in critical areas like big data and cyber security, as well as recruiting staff from more-diverse backgrounds.

“This approach will simultaneously drive efficiencies in the health service, while having a real impact on the patient experience.”

Paul Farrington, chief technology officer at Veracode, added: "Cyberattacks are becoming more sophisticated and the potential impact they can have on healthcare organisations and patients are, at times, life threatening.

"Hospitals, clinics and infirmaries are large organisations powered by deeply-complex frameworks of legacy and modern applications. This makes them a significant target for cyber criminals, whether it be to access sensitive patient data or for more-nefarious purposes like hacking medical devices.

"Healthcare organisations are remediating at the most-rapid rate at every interval compared to their peers. It takes just a little over seven months for healthcare organisations to reach the final quartile of open vulnerabilities, about eight months sooner than it takes the average organisation to reach the same landmark.

"It shows remarkable resilience for an industry which was heavily targeted and badly damaged during the WannaCry ransomware attack two years ago. However, millions of cyber attacks are aimed at the healthcare sector each day, seeking any weak spot.

"Using code that is secure from the start can help healthcare reduce security risk further.”

Companies