Topics
More on Risk Management

After WannaCry knocked it offline, UK's National Health Service banks on new security center to improve cybersecurity

The new $27 million project will provide the NHS Security Operations Center with enhanced monitoring, vulnerability testing and malware analysis.

Jessica Davis, Associate Editor

The NHS Lanarkshire corporate office in the U.K. Credit: Google MapsThe NHS Lanarkshire corporate office in the U.K. Credit: Google Maps

The U.K. National Health Service recently launched a 20 million pound -- or about $27 million -- project on a new security operations center to help its hospital and health centers fend off cyberattacks.

The new Security Operations Center will improve the health system's current security capabilities, including ethical hacking, malware analysis and pen testing. The center is also tasked with giving NHS Trusts cybersecurity guidance.

The announcement comes on the heels of the massive global WannaCry attack. Over 50 NHS Trusts were impacted by the attack, including about 600 surgeries and more than 19,000 appointment cancellations. In fact, five hospitals were forced to divert ambulances to other facilities.

The attack was the largest cyberattack ever experienced by the health system -- although individual trusts were hit by other hacks prior to the May 12 attack.

[Also: How US healthcare spent the weekend protecting against WannaCry]

A National Audit Office report in October found that outdated and unsupported operating systems still in use by NHS and a lack of basic security measures left the organization vulnerable to attack.

One of the security center's tasks will be to ensure all NHS Trusts are following best practices. Further, the center will perform ongoing monitoring. The funding will also invest in NHS Digital, the national IT partner of the health system, which will provide a monitoring service to analyze intelligence over multiple sources. NHS Digital will also share threat intelligence with all health providers.

The security center will give all NHS organizations dealing with a cybersecurity incident specialist support and on-site security assessments. To NHS Digital Security Center Head Dan Taylor, the partnership will provide needed resources during peak periods and help proactively monitor the web for emerging threats.

"It will also allow us to improve our current capabilities in ethical hacking, vulnerability testing and the forensic analysis of malicious software and will improve our ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats," said Taylor in a statement.

"By creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, the SOC will drive economies of scale, giving health and care organizations additional intelligence and support services that they might not otherwise be able to access," he added.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Show All Comments