‘Out of date’ IT system leaves NHS at risk of further cyber attacks

The founding chief executive of the National Cyber Security Centre has warned parts of the NHS’s IT system is “out of date” and at risk of further cyber attacks.

More than 6,000 appointments and procedures were postponed at major London hospitals because of a cyber attack in June.

Professor Ciaran Martin said he was “horrified, but not completely surprised” by the ransomware attack.

He told the BBC: “Ransomware attacks on healthcare are a major global problem.

“In parts of the NHS estate, it’s quite clear that some of the IT is out of date.”

Professor Martin, who now works at the University of Oxford, said outdated IT systems, identifying vulnerable points and basic security practices were critical issues facing the NHS.

NHS England confirmed data stolen in the June 3 ransomware attack on pathology services provider Synnovis had been published online.

According to the BBC, Russian cyber gang Qilin shared almost 400GB of data, including patient names, dates of birth, NHS numbers and descriptions of blood tests, on their darknet site and Telegram channel.

But NHS England said there was “no evidence” the cyber criminals had published an entire database, but that it could take “some weeks” to learn which people were affected by the attack.

Last week, NHS England said 4,913 outpatient appointments and 1,391 pre-planned procedures had been postponed at King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust.

NHS leaders said the attack at the two most affected hospital trusts delayed 1,517 acute outpatient appointments and 136 elective procedures from June 24 to June 30.

Urgent and emergency services had remained available as usual.