Nick Carding reports from the between-a-rock-and-a-hard-place dept.:
Security checks to keep the NHS safe from hackers have been delayed to help managers deal with covid-19.
The service has also been warned of attempts to exploit the pandemic by online fraudsters.
The six-month delay means NHS trusts do not need to complete a cybersecurity checklist until September, by when it is hoped the number of patients affected by coronavirus has passed its peak.
It comes amid a separate warning by NHS Digital chief executive Sarah Wilkinson over “opportunism” by hackers and fraudsters who are attempting to exploit the chaos caused by the pandemic.
Read more on HSJ.
If they had to make that difficult decision to defer cybersecurity checks, I wish that they had not made that decision public, as it seems to only invite cybercriminals to take advantage now, when the NHS is already overtaxed and may feel that they have no choice but to pay ransom demands.
Obviously, this is a terrible situation and the NHS isn’t the only healthcare system trying to cope with the pandemic with insufficient resources. But the thought of their system being brought to its knees by cybercriminals is as terrifying as the thought of the pandemic itself.
Update: Chey Cobb, retired IC Cybersecurity Chief, commented on the news report:
Thank you for the heads up. Apparently the NHS has a software tool for determining network compliance. The deadline for running this tool and sending the results has been pushed back, due to the extra workload from COVID19. The headline overstated the situation.
— Chey Cobb (@chey_cobb) March 18, 2020