St Helens Commissioning Clinical Group (CCG) has been warned by its governing body that it is at high risk of a cyber-attack.
In a report that details the findings of the governing body, the CCG has been warned that one of the ‘new' risks to the organisation is a failure to adequately protect IT systems from threats emerging from cyber security.
"The IT systems run by the HIS (health informatics service) are coming under increased risk regarding service disruption as a result of potential cyber security attacks," the report stated.
"A successful cyber-attack could result in the loss of data or system outage (including primary, secondary and community systems as well as local CCG IT systems) resulting in significant service disruption, harm to patients and financial loss," it added.
The CCG scores risk factors on a scale of zero to 25, with cyber attacks given a risk factor of 12 at St Helens, meaning it is classified as ‘high' under the rating system.
The report suggested that WannaCry did not directly infect the HIS provided by St Helens & Knowsley Hospital Trust, and therefore CCG systems were not adversely affected. However, the HIS had to take immediate action which resulted in some local service disruption.
However, in August, junior doctors working at St Helens and Knowsley Hospitals NHS Trust had their personal details inadvertently revealed online following the careless publication of an internal spreadsheet.
While the HIS team have been working on some key programmes to boost cyber security protection, and the trust has ensured that there are certain controls and assurances in place, there are still many gaps.
The report mentions gaps in controls such as the fact some patches are resource intensive and take time to apply fully, and the system being reliant on awareness of users to not adopt unsafe practices. It also cites interoperability of networks across the NHS as a threat.
"The system is only as strong as its weakest partner and one organisation being infected can quickly infect other linked systems," it said.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance