NHS St Helens Clinical Commissioning Group (CCG) has been warned that health services in the borough face a significant cyber-attack threat.

An assessment conducted as part of the CCG’s risk management strategy determined that more needed to be done to protect IT systems run by the St Helens and Knowsley Health Informatics Services (HIS).

The report states that an attack on healthcare services in St Helens could result in “significant service disruption”, in addition to “harm to patients and financial loss”.

The CCG scores risk factors on a scale of zero to 25. The threat from cyber attacks in St Helens has been given a risk factor of 12, which is classified as ‘high’ under the rating system.

“The IT systems run by the HIS are coming under increased risk regarding service disruption as a result of potential cyber security attacks,” the report states.

“A successful cyber-attack could result in the loss of data or system outage including primary, secondary and community systems as well as local CCG IT systems.”

The report did not specify the nature of the vulnerabilities or where they lay within the borough. St Helens CCG said it was unable to provide any details outside of what was included in the report when contacted by Digital Health News.

However, it suggested that measures had been put in place to build resilience against cyber-threats, which included investing in new technologies and the appointment of specialist cyber security staff within the local HIS.

“HIS have had an assessment of where they are up to in terms of cyber security and is developing a business case to reduce the chances of being affected by a cyber threat,” the papers read.

In a statement sent to Digital Health News, St Helens and Knowsley HIS said: “In light of cyber security attacks locally and nationally and the ongoing cyber threat across the NHS and other major organisations, [we] took the decision to increase its risk position in the summer of last year to reflect the increasing danger facing the NHS.

“We have provided the Clinical Commissioning Groups we support with robust assurance that the Informatics Service has the appropriate controls and safeguards to manage its cyber security risk.

“We continue to monitor the threat and are confident that the Informatics Service is well placed to protect its partner organisations against such threats.”

At a Public Accounts Committee hearing in London in February, Rob Shaw, deputy CEO of NHS Digital, revealed that NHS trusts in England had unanimously failed cyber security checks carried out since 2017’s WannaCry incident.

In the wake of the ransomware attack last May, NHS England CIO Will Smart has suggested that the NHS create data security leads within individual organisations as well as appoint a chief information and security officer at national level.

NHS Digital is offering a £30m contract to prospective strategic partners who can support the development of its security operations centre, which provides cyber security support to national health and care services.