Home Secretary responds to Labour over NHS ransomware attack

Labour demanded answers about yesterday’s randomware attack on the NHS earlier today, writing to Heath Secretary Jeremy Hunt. The Home Secretary – Amber Rudd – has replied:

 “The malicious actions of the cyber criminals behind this attack have caused considerable distress for those patients who have been affected,” she wrote. “There is no evidence that any patient data has been compromised and the NHS has done brilliantly to manage the disruption.”

But we must be careful not to characterise this as an attack on our NHS, and it is vital we do not jump to the wrong conclusions. As Europol have said, the scale of this attack is unprecedented and it is affecting a wide range of organisations in almost 100 countries around the globe.

Today we have learned that Nissan’s plant in Sunderland has been affected, while according to reports others affected around the world include major telecoms firms, utility providers, railways, universities and local authorities.”

Jonathan Ashworth, Labour’s shadow health secretary, had previously suggested that the government had failed to invest in NHS digital services. It appears that this randomware attack took advantage of a bug in windows operating systems that had been patched before the attack took place. A series of commentators have claimed that they have failed to be implemented on NHS systems because the NHS systems are too outdated to install the updated versions.

Responding to these suggestions, Rudd said:

“We have doubled investment in cyber security to £1.9 billion and established the National Cyber Security Centre as part of GCHQ to act as a single point of contact for major incidents like this.

The NCSC provides guidance to organisations on how to protect themselves from ransomware, and CareCERT was established in 2015 to provide national cyber support services for the health and care system. It is delivered by NHS Digital, working with the NCSC, and since 2015 more than £50 million have been made available to support CareCERT services.”

Rudd finished with this not-so-subtle attack on Labour:

“Should you have any concerns about the security of the Labour Party’s own systems, GCHQ stand ready to provide a briefing on how best to minimise the risk of a successful attack.”