New Times,
New Thinking.

  1. Science & Tech
24 July 2017updated 06 Aug 2021 6:06am

Public bodies are vulnerable to hacking – government needs to step up to protect them

The threat of cyber crime is only going to increase as hackers develop more sophisticated methods.

By Oscar Williams

Barely a month passes in 2017 without some kind of IT failure hitting the headlines, but the hacks, leaks and breaches that make the news may represent just the tip of the iceberg.

An investigation by the i newspaper has revealed that public bodies such as hospitals, councils and museums have been breached more than 400 times over the last three years.

The real number may be higher still. More than half of NHS trusts and one in ten councils refused to answer questions put to them by the i’s team of reporters.

The motivations for such attacks are varied. Some hackers want to extort money and steal sensitive data. Others simply want to wreak havoc.

To casual observers, the threat may seem abstract – but cyber crime has a real world impact, a truth thrown into stark relief in May when the NHS faced its biggest hack yet. A gang of cyber criminals since linked to the North Korean government released a virus dubbed WannaCry into the wilds of the internet. It quickly found its way into the poorly protected systems of the NHS, encrypting files as it spread.

Select and enter your email address Your weekly guide to the best writing on ideas, politics, books and culture every Saturday. The best way to sign up for The Saturday Read is via The New Statesman's quick and essential guide to the news and politics of the day. The best way to sign up for Morning Call is via
  • Administration / Office
  • Arts and Culture
  • Board Member
  • Business / Corporate Services
  • Client / Customer Services
  • Communications
  • Construction, Works, Engineering
  • Education, Curriculum and Teaching
  • Environment, Conservation and NRM
  • Facility / Grounds Management and Maintenance
  • Finance Management
  • Health - Medical and Nursing Management
  • HR, Training and Organisational Development
  • Information and Communications Technology
  • Information Services, Statistics, Records, Archives
  • Infrastructure Management - Transport, Utilities
  • Legal Officers and Practitioners
  • Librarians and Library Management
  • Management
  • Marketing
  • OH&S, Risk Management
  • Operations Management
  • Planning, Policy, Strategy
  • Printing, Design, Publishing, Web
  • Projects, Programs and Advisors
  • Property, Assets and Fleet Management
  • Public Relations and Media
  • Purchasing and Procurement
  • Quality Management
  • Science and Technical Research and Development
  • Security and Law Enforcement
  • Service Delivery
  • Sport and Recreation
  • Travel, Accommodation, Tourism
  • Wellbeing, Community / Social Services
Visit our privacy Policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications.

Fortunately, the proliferation of the ransomware, which demands victims pay a fee to have their files released, was stalled when a 22-year-old computer whizz known as Malware Tech found a killswitch that halted its spread.

However, considerable damage was done before the NHS’s IT teams had a chance to stop it. Doctors and nurses were forced to cancel thousands of operations and appointments as techies scrambled to get systems back online.

Public bodies such as the NHS are far from alone in being targeted by hackers. But the figures revealed by the i indicate that the public sector may be particularly vulnerable to the march of cyber crime. One hospital told the paper WannaCry was the price it paid “for a very long-term under-investment in IT infrastructure”.

It’s a sentiment echoed by the Charted Institute for IT, which concluded in a report last month that the WannaCry strike could have been averted if hospitals had spent more time skilling up staff.

“The [strike] was bound to happen, it was just a matter of when,” said David Evans, the institute’s director of policy. “Whilst doing the best with the limited resources available, it is clear that some hospital IT teams lacked access to trained, registered and accountable cyber-security professionals with the power to assure hospital boards that computer systems were fit for purpose.”

The threat of cyber crime is only going to increase as hackers develop ever more sophisticated methods of attack. The Register, an IT news site, reported last week that experts now fear hackers will create ransomware tailor-made for particular organisations.

Public bodies could become prime targets for such strikes, given the importance of the work they carry out, but too many remain poorly protected.

The creation of the National Cyber Security Centre (NCSC), a spin off from GCHQ, was welcomed by experts last year. But there is only so much the organisation can do to help public bodies without assuming complete control of their systems, an approach that is neither practical nor desirable.

The impetus for change must come from within, but cyber security is expensive. Even with the best will in the world, executives in the public sector are powerless to protect their organisations unless they have the money to do so.

Government needs to ensure NHS trusts and other bodies have the funds to adequately secure their systems. If custom-made ransomware takes off, WannaCry 2.0 could be far more destructive – and it may not have a killswitch. 

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics

Content from our partners
Peatlands are nature's unsung climate warriors
How the apprenticeship levy helps small businesses to transform their workforce
How to reform the apprenticeship levy