The NHS is vulnerable to hackers after new security checks on systems across the health service were delayed while managers deal with the coronavirus pandemic.
Security checks will be delayed for six months when it is hoped the number of coronavirus patients will have passed a peak.
The cyber security resilience checks happen every year and are designed to protect the NHS from attack by assessing potential risks.
The health service digital transformation body NHSX gave the reprieve to allow healthcare workers and managers to focus on COVID-19 response plans.
But it said it was ‘critically important’ that the health service and social care organisations remain ‘resilient to cyber attacks’ during the outbreak.
Scroll down for video
Hackers are using the current coronavirus pandemic to target vulnerable people and are disguising themselves as health care workers and organisations. Stock image
NHS trusts and related organisations are supposed to submit a data security and protection toolkit every year to ensure their systems and databases are hack-proof.
The delay comes as the NHS acknowledged a rise in the number of people using COVID-19 as a way to steal information and hack into systems.
The toolkits were due to be completed and sent to NHSX by the end of March but they won’t have to do this until September now and it could be reviewed again.
The digital organisation says that if groups complete their checklists early they are able to send them off and they will be awarded a ‘standards met’ status.
NHSX said: ‘Whilst the DSPT submission deadline is being relaxed to account for COVID-19, the cyber security risk remains high,’ the organisation said.
‘All organisations must continue to maintain their patching regimes.
NHS trusts and related organisations are supposed to submit a data security and protection toolkit every year to ensure their systems and databases are hack-proof
The threat facing the NHS and health organisations is particularly intense during this potentially long-lasting coronavirus pandemic.
Any attacks launched against trusts over the next few months could lead to significant patient harm, warn cyber security experts.
NHS Digital chief executive Sarah Wilkinson said there were no particular concerns about any pandemic linked cyber threat to the NHS.
But hackers are already posing as healthcare agencies including the World Health Organisation and the Centre for Disease Control to launch phishing attempts.
WHAT WAS THE WANNACRY ATTACK?
In May 2017, a massive ransomware virus attack spread to the computer systems of hundreds of private companies and public organisations across the globe.
The software locked computers and asked for a digital ransom before control is safely returned.
In just a few hours, the malware had already infected victims in at least 74 countries, including Russia, Turkey, Germany, Vietnam, and the Philippines – and was estimated to be spreading at a rate of five million emails per hour.
Hospitals and doctors’ surgeries in England were forced to turn away patients and cancel appointments after the attack crippled the NHS.
The WannaCry virus targeted Microsoft’s widely used Windows operating system.
The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.
It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.
The hackers asked for payments of around £230 ($300) in Bitcoin.
When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.
It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.