Health and Safety Consultancy Services for SMEs in Birmingham, West Midlands and beyond

NHS cyberattack could be a health and safety nightmare
Posted by David Cant on May 15, 2017

NHS cyberattack could be a health and safety nightmare

cybercrime in the workplaceWhen news broke that NHS hospitals across the UK had fallen victim to ransomware, there was obvious shock and concern. At least 48 trusts were infected, taking computer systems offline and seriously disrupting the treatment of patients.

The full scale of the attack has yet to be revealed, but it is clear that key systems have been compromised by hackers.

What happened?

Each of the affected hospitals has become infected with a special form of the computer virus known as “ransomware”. These infections encrypt files and data, rendering them inaccessible. The only way to regain access is to pay a ransom to the hackers or to restore the damaged files from backup. Depending on how many files are affected, this could take many days.

Security analysts believe that the attack relies on the victim – in this case, the NHS – having the outdated software or inefficient security provisions. It is believed that many of the infected computers at the NHS are still running Windows XP which Microsoft withdrew support some years ago.

The NHS has delayed upgrading and patching their systems for a number reasons, not least the enormous cost involved in such a project. In addition to the cost of upgrade licenses, the trusts each need to test to ensure that clinical systems work properly.

What does it mean for you?

The NHS attack is a warning for all businesses. Insufficiently protected computers anywhere are vulnerable to similar attacks. Any construction firm experiencing a similar infection will find their operations severely disrupted – at potentially significant cost.

Worse still, the inability to access key information has placed patients’ lives at risk. Our reliance on computer systems means that health and safety have now become a digital issue too.

How would losing access to your risk assessments affect site safety? Or any health details you keep on your employees? You rely on these details to plan the measures that keep people safe – without them, your provisions will lack key details and be less safe as a result.

To avoid an NHS-like malware disaster, your business will need to seriously consider how it approaches IT security. Delaying upgrades and patches may help to contain costs in the short term, but could also spell disaster if you do fall victim to cyber criminals.

Don’t be caught out

Your business has a duty to do everything it can to protect employees and members of the public. If a computer systems breach means that you cannot fulfil that duty, you could find yourself in trouble with the HSE and the Information Commissioner’s Office (ICO).

To avoid an NHS-like disaster, you should conduct a risk assessment on your IT systems too – including a check on whether your software needs to be updated. You never know – you may just save someone’s life.

To learn more about risk assessments, please get in touch.


Director at Veritas Consulting. The SME's favourite go-to consultant for health and safety know-how. Bucket loads of experience. Fluent in practical advice. Solutionist with a brain you can pick.

You can find him across Social media - Twitter and Facebook also Linkedin

This post has been filed in: Blog

Post a Comment

Your email is never published nor shared. Required fields are marked *


(Spamcheck Enabled)

Latest Blog Posts
Can you legally take time off because of hot weather? Can you legally take time off because of hot weather? Summer is certainly here – is there a legal limit when it comes to... Read More
When employees sabotage their own health and safety When employees sabotage their own health and safety A group of builders has found a loophole in the rules banning shorts on their site... Read More
Could biometric technology help improve construction health and safety Could biometric technology help improve construction health and safety Although it has existed for years, biometrics technology has been restricted to projects requiring the... Read More
Follow all of the latest Veritas Consulting news on our RSS feed