No surprises as WannaCry dominates cybersecurity talks at EHI Live
- 2 November 2017

Healthcare executives drove home the need to adopt new ways of working to protect themselves against cyber-threats during the first day of EHI Live 2017.
Speaking at the event, Charles Gutteridge, chief clinical information officer (CCIO) of Barts Health NHS Trust and Matthew Connor, head of IT at Southport and Ormskirk NHS Trust, shared their experiences of the WannaCry ransomware outbreak which caused widespread disruption toĀ Englandās health services in May.
Both trusts fell victim to the attack, which affected some 200,000 IT systems world-wide including more than a third of Englandās NHS trusts.
Gutteridge took to the stand at the exhibition at Birminghamās NEC to discuss the need to bridge the gap between technical and clinical working methods and develop āa single system of healthcare deliveryā that was safer and more efficient than current models.
He also suggested there needed to be more direct contact between healthcare boards and vendors to improve education around new technologies and the improvements they can deliver.
āThe NHS as customers still have a lot to learn about developing partnerships with vendors, where both sides can benefit around the strategic delivery or hardware and softwareā, Gutteridge said.
āI think weāre still in a twilight world about what we can do about delivering our infrastructure plans. Weāre still waiting on what the plans are for releasing extra resources. This is a very significant issue for usā.
For many in the NHS, WannaCry was the catalyst that drove home just how desperately the healthcare industry needed to modernise and align its attitudes towards new technologies with those of other industries.
Yet despite the need for seismic cultural changes, Gutteridge suggested that the WannaCry outbreak had had the opposite effect at Barts Health NHS Trust. āEvery time we have one of these events, the trustās confidence in healthcare IT wanes, and it takes a lot of time to recover,ā he said.
The CCIO added that the cyber-attack had shaken cliniciansā confidence in electronic health records (EHR). āBig hairy groups of clinicians said :āI am never going to use an EHR again, itās too unsafeāā¦when you introduce an EHR into a trust, most clinicians think all patients will die if it all gets virtualised. We have a new culture where people are both dependent and secret enthusiasts of the system, but the tension remains.ā
Gutteridge offered that front-line staff could be key to driving the much-needed cultural changes within the NHS, and help identify exactly where improvements can be made to increase resilience to cyber-threats.
āWeāve learnt a lot about listening to front line staff, particularly junior doctors, about what does and what does not work. Itās surprising how inventive young doctors and nurses are. Sometimes the ideas are great and sometimes terrible, but dealing with thatā¦.is a really important part of it.ā
But unless these voices are heard and actioned upon at board-level, that road to revolution could be a long one. āConvincing boards to take a risk in investing in IT and getting a return three-and-a-half years later down the road is a skill we have to work on, on both sidesā, said Gutteridge.
āWithout that understanding of how you can transform care and make it safer and more efficient, weāre not going to make them change.ā
Meanwhile, Southport and Ormskirk NHS Trustās head of IT said that healthcare organisations needed to confront the āit didnāt happen to usā mentality and instead be proactive about building resilience, including seizing the opportunity to get involved with cybersecurity training programmes.
āAt some point we will be asked to dig deep and assess the impact and decision-making guidelines,ā he added. āItās not an option not to invest. We need to address the cultureā.