NHS at risk of being hit again as NCSC exec says IT systems "out of date"

A person in a medical practice typing on a laptop.
(Image credit: Pixabay)

The UK's National Health Service (NHS) is at risk of even more devastating cyberattacks, since parts of its IT infrastructure are outdated.

Professor Ciaran Martin, the first CEO of the National Cyber Security Centre (NCSC) warned about the state of the NHS after a major cyberattack that struck the organization in June 2024.

Overall, more than 6,000 appointments and procedures were postponed all over London because of the attack. Furthermore, on June 3, pathology services provider Synnovis suffered a ransomware attack that resulted in hundreds of gigabytes of sensitive patient data leaking online.

A call to arms

The ransomware attack left professor Martin “horrified, but not completely surprised”. He told the BBC: “Ransomware attacks on healthcare are a major global problem. “In parts of the NHS estate, it’s quite clear that some of the IT is out of date.”

Besides outdated technology, the inability to properly identify vulnerable points, as well as the lack of basic security practices, were the NHS’ biggest issues, he said.

“The attack targeted London NHS hospitals, disrupting services and compromising sensitive patient data,” commented Adam Button, Field CTO at Elastic. “The widespread disruption forced the hospitals to revert to manual operations and delay non-emergent procedures. This incident underscores the critical importance of robust cybersecurity protocols in safeguarding essential healthcare services and protecting patient information.”

“As the repercussions continue, this serves as a wake-up call for all healthcare providers to enhance their defenses. Tools that can index, search, and analyze large volumes of data in real-time are invaluable in detecting and responding to cyber threats.”

Button also added that the Board cannot be the only one with awareness of “actual threats” and existing solutions - awareness needs to be widespread nationally.

“Properly equipping businesses on the frontline of what many regard as an ongoing cyberwar is paramount for the UK’s cyber resilience and national security,” he concluded.

Via Evening Standard

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.