NHS’ supply chain security 15-20 years behind other sectors says Huggins
Following the Advanced cyber attack in August 2022, Phil Huggins has revealed to a Digital Health Rewired audience that in its current state the NHS supply chain’s “state of security is 15 to 20 years behind other sectors”.
The national chief information security officer for health and care at NHS England was speaking alongside a panel on the Cyber Security Stage on day two of Digital Health Rewired 2023 in London, in a session titled ‘Assurance, Resilience and Recovery: Lessons from the August 2022 Attack on Advanced’.
Huggins explained that “(the NHS’) supply chain has not got the attention it needs” and therefore “there’s a lot of work to do” to improve security.
Advanced cyber attack ‘worse than Covid’
Although there were no casualties as a result of the Advanced cyber attack, the impact on clinicians across the healthcare system was and continues to be enormous.
Ayesha Rahim, clinical lead for digital mental health at NHS England and chief medical information officer at Surrey and Borders Partnership Foundation Trust, was also on the panel, and spoke of the huge impact the attack had on staff.
“The date 4th August is imprinted in my brain”, Rahim said, which is when the attack first happened and was first reported. She explained that it is “quite difficult to fully convey the chaos this caused”, giving examples of staff having no idea what a patient’s background was and therefore having to do everything “blindfolded”.
Rahim said staff could not tell if it was safe to go out on visits to mental health patients due to the lack of data and information on them, and every time a person saw a staff member they were retraumatised having to explain their past over and over, including experiences of sexual abuse.
“A lot of staff described the situation as worse than Covid”, Rahim told the Rewired audience, and believes that the whole attack has “gone under the radar a little bit”.
She added: “The last mental health trust was back on this month, let that sink in.”
Also on the panel in the session was Jamie Graham, assistant director of cyber at Digital Health and Care Wales, and James Hughes, VP of sales engineering at Rubrik, the sponsors of the Cyber Security Stage.