The NHS and Department of Health have been ordered to “get their act together” by the head of the National Audit Office after it carried out an independent investigation into the cyberattack that hit almost a third of NHS trusts back in May.
The basics of the NAO report, which was issued earlier today, highlight the fact that the NHS had been warned about potential cyberattacks attacks but security updates and patches hadn’t been carried out, leaving its interconnected systems vulnerable to attack.
While it is right that the National Audit Office report is very focussed on the security element, there are broader issues that the NHS and other large government organisations need to consider when planning a more secure future.
As we have found when working with a number of government departments on implementing new cloud environments, this is more about having an all-encompassing technology strategy and implementing it properly. By this I don’t mean the oft-used going “cloud first” scenario. It’s more about these three questions:
- What are we going to deliver?
- How are we going to deliver it?
- How do we support and manage the environment?
Greater dependency on technology means having enough people with the right skills and management direction. A lack of resources, time, prioritisation and direction is a fundamental issue and the greatest security risk. If you don’t have the skills to design, implement and support to the required standards, then what chance do you have?
NHS IT staff work very hard in very challenging conditions – and did so on this occasion – but they are often without the resources, funding and the training required to deliver an outstanding service. This has not been addressed for far too long and needs to change.
Going digital is about investing in the fundamentals – management, skills, headcount and the right partnerships.
By Nick Martin, managing director of SystemsUp.
If you would like to find out how SystemsUp can help with security planning and management please get in touch.