Cyber attack on London hospitals must be a wake-up call for our politicians
The NHS cyber attacks show exactly why digital security is critically important, yet our politicians don’t seem to care, writes Edward Lewis
Cyber should be a major focus of the campaign, yet it’s not.
Last week’s ransomware attack on Synnovis is a stark wake-up call for all UK essential services. The breach, which has disrupted key London hospitals, underscores the critical need for substantial investment in robust cyber defenses across healthcare.
The consequences of these attacks are enormous. For example, urgent blood donations are now frantically being sought, particularly O-blood donors, as the computer systems we rely on are no longer able to quickly match patients to the available blood supply. These patients include cancer victims.
You would think every major party leader would be offering their thoughts about this incident. You would think every major media outlet would be pressing the major parties for their plans to protect the UK’s essential services from cyber attack. You would be wrong. Instead, the political commentary last weekend continued to be driven by Prime Minister Rishi Sunak’s early exit from commemoration events in Normandy. There were columns about Sunak’s gaffe. Forensic insider analyses of his gaffe. Interviews about it. Panel discussions. Panel discussions about interviews. We are, to quote Neil Postman, amusing ourselves to death.
Yes, how we pay tribute to the past matters, but so, too, does securing our future. Indeed, it matters more. And that future is digital, which means we need to be having a serious conversation about cybersecurity. Hacking isn’t just gangsters looking for money, although there is plenty of that about; it’s about rogue actors – authoritarian governments led by people like Vladimir Putin, Xi Jingping and Ayatollah Khamenei – constantly looking for an edge over the free countries of the west. To wit, the Synnovis attack is thought to have been perpetrated by Qilin, a Russian group.
What are the kinds of questions we should be asking of our leaders? To begin, Synnovis is a critical provider to four major London hospitals, but it is only one of many companies that feed into the critical IT systems in the NHS. How much care does the government take in ensuring the NHS’ digital supply chains are resilient to the kind of attack now imperilling our blood donation systems? Is the NHS being forced to raid its IT budgets in order to fund pay settlements following strike actions?
If TSB was fined £49m for a botched IT migration in 2018, a snafu that kept many Britons locked out of their accounts for months, what should the penalties be for companies in critical sectors like health care? More broadly, businesses in the West have been too lax in transforming themselves to weather digital storms. Cybersecurity isn’t just a technical problem, it’s a whole-of-business problem. A strong cyber defence is essential to the delivery of modern finance. Of modern communication. And yes, of modern healthcare. We need to get our houses in collective order. Fortunately, it’s been manifesto week in the election campaign. These are important documents and should give voters insight into each of the major political parties’ thinking on cyber defense.
Sadly, many in our industry were not expecting any detailed policy proscriptions. And so it came to pass. The policy cupboard is empty. Rishi Sunak enjoys talking about AI, but has had very little to say on the more prosaic matter of cybersecurity. And Labour? Neither Keir Starmer, Angela Rayner or any Labour grandee has had much, if anything, to say about the new frontline of national security. Let’s hope that changes. And soon. The good news is, the UK is well-positioned to lead that change. We are blessed with some of the brightest minds in cyber defence. What’s more, we are all patriots ready to serve our nation. If our leaders come to ask for advice, we will offer it in spades. And if the media comes knocking, we can help to educate them, too.
Edward Lewis is partner at cybersecurity firm Cyxcel