NHS systems in Wales were not hit by the major ransomware cyber attack that impacted England and Scotland due to ‘resilience defences’ against viruses, the Welsh Government has said.
In a written statement, the Welsh First Minister Carwyn Jones said that the ‘ransomware has not affected the integrity of NHS systems here in Wales, partly due to the resilience defences already in place’.
The statement said that ‘to continue to protect NHS Wales from disruption a number of extra security controls have been put in place’, including ‘temporarily blocking all external emails sent to NHS Wales and applying new anti-virus definitions and patches to both national and local systems’ on Tuesday.
Mr Jones stressed that where the ransomware has been detected, immediate remedial action has been taken to prevent the virus spreading. This has meant that ‘no patient data has been compromised or lost’.
At the same time, a statement from Cardiff and Vale University health board said: ‘To date, digital services in NHS Wales have been unaffected. Additional security controls are being put in place to help prevent further attacks.’
David Jones, chief executive of Westgate Cyber Security, told the BBC that NHS Wales had ‘dodged a bullet’.
The Information Security Forum – an organisation that provides practical guidance to overcome wide-ranging security challenges – defines cyber resilience as ‘the organisation’s capability to withstand negative impacts due to unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace’.
