UK’s NHS spends $35m on new security ops centre in response to WannaCry

The UK’s National Health Service (NHS) is spending £20m (AU $35m) on a new security operations centre (SOC) to improve its ability to help local NHS organisations respond to ransomware and other cyber security threats.

On May 12 the WannaCry ransomware caused severe disruptions at 81 out of 236 of NHS trusts and nearly 600 GP practices, resulting in an estimated 19,000 cancelled appointments and operations. 

A subsequent review found that had UK security researcher Marcus Hutchins not found a ‘kill switch’ for WannaCry within days of the initial outbreak, a further 21 trusts — totaling 92 NHS organisations — could have experienced disruptions too.    

The new SOC aims to boost NHS’s resilience to future cyber attacks by improving its capabilities in ethical hacking, vulnerability testing and forensic analysis of malware. 

The SOC will be run by NHS Digital, a unit that helps NHS manage critical IT healthcare systems. 

NHS Digital will offer ‘near-real-time’ threat intelligence monitoring and alerts as well as remediation services focussed on health care providers. 

It will also provide on-site data security assessments that help NHS organisations spot weaknesses and provide support when organisations believe they’ve suffered an attack. 

As part of the project, NHS Digital is inviting private sector to bid for a three to five year contract to support its new security responsibilities.

"By creating a national, near-real-time monitoring and alerting service that covers the whole health and care system, the SOC will drive economies of scale, giving health and care organisations additional intelligence and support services that they might not otherwise be able to access,” said Dan Taylor, head of the Digital Security Centre at NHS Digital.

The National Audit Office (NAO) released the findings of a review of WannaCry's impact on NHS last month that found the malware was preventable if the NHS had followed “basic IT security best practice”. 

NHS Digital had warned the department about critical patches prior to the May attack, but NHS had no way of telling whether organisations followed the recommendation. Microsoft released patches for the flaws that WannaCry exploited in March.  

The audit also found shortcomings in NHS incident response plans, which covered roles and responsibilities of national and local organisations, but had not been tested with local NHS organisations. Many organisations were unable to use email due to WannaCry, leaving local staff to communicate using mobile devices and apps such as WhatsApp.

The NAO said that by 16 May only two hospitals were still diverting patients to other hospitals, and credited the NHS’s quick recovery on the work of Hutchins. The 23-year old researcher is currently in the US facing federal criminal charges for his alleged involvement in banking malware during his teens.


Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags ransomwareNHSWannaCryNotPetya

More about MicrosoftNational Audit Office

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts