medConfidential comment on “NHS” cyberincident

Regarding the ongoing [time of writing: 18:30, 12/5/17] international cybersecurity incident, currently affecting – amongst many others – a number of NHS hospitals and GP practices.

Phil Booth, coordinator of medConfidential said:

“medConfidential has confidence in clinicians continuing to treat their patients, and in GCHQ’s incident response – as has been demonstrated in previous similar incidents.  Unfortunately, we also fully expect NHS England’s analogue administrators’ tailspin to continue to learn as little from this event as from any other in the real world.”

Notes to editors

1) Dame Fiona Caldicott’s ‘Review of Data Security, Consent and Opt-Outs’, published in June 2016, made important points about NHS cybersecurity. As of the snap General Election, the Government had yet to publish its response to the Review:

2) NHS Digital has run a programme called CareCERT since September 2015, partnering with agencies such as including CERT-UK, CESG and CPNI. One of CareCERT’s core functions is “national cyber security incident management”:

3) At the time of writing, this does not appear to be a ‘NHS-only’ incident; there is evidence of similar issues arising in Telefonica, in Spain: e.g. &

4) At the time of writing, the vulnerability appears to be one used by the CIA and disclosed via wikileaks in March 2017. Microsoft shipped an emergency patch at that point: Serious questions need to be asked of those responsible for maintaining Windows-based IT systems, who failed to patch their servers for two months.