UK’s NHS spends $35m on new security ops centre in response to WannaCry

  • Liam Tung (CSO Online)
  • 28 November, 2017 05:46

The UK’s National Health Service (NHS) is spending £20m (AU $35m) on a new security operations centre (SOC) to improve its ability to help local NHS organisations respond to ransomware and other cyber security threats.

On May 12 the WannaCry ransomware caused severe disruptions at 81 of 236 NHS trusts and nearly 600 GP practices, resulting in an estimated 19,000 cancelled appointments and operations.

A subsequent review found that had UK security researcher Marcus Hutchins not found a ‘kill switch’ for WannaCry within days of the initial outbreak, a further 21 trusts — totaling 92 NHS organisations — could have experienced disruptions too.    

The new SOC aims to boost the NHS’s resilience to future cyber attacks by improving its capabilities in ethical hacking, vulnerability testing and forensic analysis of malware.

The SOC will be run by NHS Digital, a unit that helps the NHS manage critical IT healthcare systems.

NHS Digital will offer ‘near-real-time’ threat intelligence monitoring and alerts as well as remediation services focussed on health care providers. 

It will also provide on-site data security assessments that help NHS organisations spot weaknesses and provide support when organisations believe they’ve suffered an attack. 

As part of the project, NHS Digital is inviting the private sector to bid for a three- to five-year contract to support its new security responsibilities.

"By creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, the SOC will drive economies of scale, giving health and care organisations additional intelligence and support services that they might not otherwise be able to access,” said Dan Taylor, head of the Digital Security Centre at NHS Digital.

Last month the National Audit Office (NAO) released the findings of a review of WannaCry's impact on the NHS, which found the malware was preventable had the NHS followed “basic IT security best practice”.

NHS Digital had warned the department about critical patches prior to the May attack, but the NHS had no way of telling whether organisations followed the recommendation. Microsoft had released patches in March for the flaws that WannaCry exploited.

The audit also found shortcomings in NHS incident response plans, which covered roles and responsibilities of national and local organisations, but had not been tested with local NHS organisations. Many organisations were unable to use email due to WannaCry, leaving local staff to communicate using mobile devices and apps such as WhatsApp.

The NAO said that by 16 May only two hospitals were still diverting patients to other hospitals, and credited the NHS’s quick recovery to the work of Hutchins. The 23-year-old researcher is currently in the US facing federal criminal charges for his alleged involvement in banking malware during his teens.