NHS cyber attack: Less than 1% of computers affected in Scotland

nhs scotland
“With less than 1% of devices infected I think we can draw some comfort from that position,” Shona Robison, Scottish Health Secretary, said yesterday afternoon

Thirteen Scottish health boards were affected in the global cyber attack, although the impact was less severe than in England

[Glasgow, Scotland] Scottish Health Secretary Shona Robison has said initial evaluation following the global cyber attack shows ‘less than 1% of devices’ across the NHS in Scotland have been affected.

Robison confirmed in Parliament yesterday the ‘most significant impact’ was felt at NHS Lanarkshire and NHS Borders. Although 13 health boards in total were affected in the ransomware incident, they were able to mitigate risks and get services ‘back on line and operational’ by Monday morning, following guidance issued by the National Cyber Security Centre.

“My officials are working closely with Health Boards to gain an understanding of why this situation arose in the first place. Issues that will be considered through this work will be to understand whether Health Boards had appropriate patching regimes in place,” Robison said.

“This is the process of applying fixes from software and hardware suppliers onto IT systems to improve security. With less than 1% of devices infected I think we can draw some comfort from that position,” she added.

Furthermore, the Scottish Health Secretary emphasised investment has been allocated towards improving IT across NHS Scotland, with health boards receiving ‘around £100m’ per year to improve their IT infrastructure and ‘cyber security resilience’. For 2016-2017, the total spend was reportedly around £257m.

NHS Lanarkshire had restored services by the beginning of the week after Calum Campbell, Chief Executive, made the decision to shut down computer systems on Friday afternoon to minimise damage.

Meanwhile, three community sites at NHS Borders were reportedly affected by the ransomware attack, with the latest statement published on Monday showing they were still in ‘recovery phase’. NHS Borders did not respond to our request for comment in time for publication.

Scotland accelerates plan to improve cybersecurity defence

Scottish Justice Secretary Michael Matheson has revealed plans to accelerate an ‘action plan’ that would improve cybersecurity resilience across public sector organisations. This involves putting together guidance that all bodies would have to implement by 2018, along with offering them support to obtain Cyber Essentials standard accreditation and publishing a ‘public awareness strategy’.

“Cyber security is everyone’s business and we need to ensure that all organisations have appropriate safeguards in place,” he said yesterday.