More than 17% of NHS trusts experienced security-related downtime over the past three years, leading to over 18 days of IT outages, according to new Freedom of Information (FOI) data released by Intercity Technology.
The IT solutions provider received FOI responses from 80 trusts, around a third of the total in England.
Of these, 25 (31%) claimed to have experienced IT outages between January 2015 and February 2018, with 14 of them the result of a security breach. In total, the 80 responding trusts suffered 18 security incidents, leading to over 18 days of downtime.
The overall figure for IT downtime exceeded 1300 hours, which averages out to over 16 hours per trust. The number for breaches and downtime would no doubt have been even greater had more Trusts responded.
Although the WannaCry ransomware outages of May 2017 will have accounted for a large number of these “security breaches,” some responding organizations also fell victim to the Locky and Zepto variants, with the most severe attack knocking systems offline for two weeks, according to Intercity Technology.
It’s estimated that WannaCry led to the cancellation of 19,000 appointments and operations, disrupting at least 34% of trusts in England.
Ian Jackson, who is responsible for leading public and private sector partnerships at Intercity Technology, argued that the recent cybersecurity funding boost announced by the government will have a limited impact.
“The additional £150m which has recently been set aside to improve cyber defenses will merely ensure that NHS IT systems are brought up to date, and act as a sticking plaster on under-investment and the continued use of legacy operating systems. What is needed is smarter and continued investment in IT systems and security defences to ensure long-term protection,” he told Infosecurity.
“As we saw with WannaCry, a successful cyber-attack on a healthcare organization can have a massive impact on its day-to-day operations. Following this attack, it’s encouraging to see trusts across the country making strides towards improving their defenses, and the cybersecurity industry is certainly working in collaboration with these trusts to prevent future incidents.”