Rob Shaw details NHS Digital’s cyber-attack response

NHS Digital’s acting chief executive has revealed the national body’s response to the debilitating cyber-attack that affected 47 NHS trusts last month.

Speaking at NHS Digital’s 31 May board meeting, Rob Shaw, the chief operating officer and acting chief executive, said that the organisation had issued immediate bulletins, created a 24-hour helpline and deployed data security experts on the ground.

In a transcript of his update to the board, provided to Digital Health News, Shaw also said there had been inaccurate “speculation” about the NHS’s readiness for such an attack.

He said that NHS Digital had issued an update on a secure portal accessible to NHS staff on 25 April, and then a bulletin to more than 10,000 IT professionals on 28 April about the Microsoft patch.

Microsoft has also defended its role in the global cyber-attack by saying it released a security update to patch for this particular vulnerability on 14 March.

Shaw said on 12 May, NHS Digital sent out a bulletin with specific advice and remedial steps to NHS organisations. “It was obviously paramount to have clear, substantiated evidence of the issue and an accurate understanding of what steps were best to take before communicating with organisations.”

A 24/7 specialist helpline was set up within an hour of “confirming the basic details” of the cyber-attack, and a command control centre was established, said Shaw.

The cyber-attack, caused by ransomware virus Wanna Crypt, is speculated to cost each trust more than £1 million in recovery costs.

He added that NHS Digital worked with NHS England, Department of Health and the National Cyber Security Centre on the incident.

However, the health secretary, Jeremy Hunt’s, absence over the weekend of the incident was widely criticised with the home secretary, Amber Rudd, being asked by Sky News whether Hunt had been locked in a cupboard.

Shaw said data security experts were deployed to trusts, alongside 45 NHS Digital staff on site providing support, and daily bulletins and guidance documents were issued.

NHS Digital provides specialist cybersecurity information to NHS trusts through CareCERT.

Shaw told NHS Digital’s board that “our focus has been and remains to resolve any issues as quickly as possible and to learn any lessons in further strengthening the response of the system and the role we can play to forewarn, forearm and respond”.

A review of some of the trusts’ board papers in May, both those who were infected and those who weren’t, saw that cyber-attack prevent plans were being re-evaluated.

West Suffolk NHS Foundation Trust is approving a new firewall to “help protect the trust against the type of cyber-attack suffered in May”. The Leeds Teaching Hospitals NHS Trust said it was “important that we ask NHS England and NHS Improvement to share learnings from incidents in other trusts quickly”.

Shaw concluded by thanking NHS staff for their help during the incident, “who worked virtually around the clock to assist organisations for as long as they needed our help and advice”.