Cyber attacks are "weapons" which should be treated as a serious, critical threat, a leading group of MPs have said as they called on the whole of Government to learn lessons from the WannaCry attack on the NHS.
In a report on the cyber breach in the health service last year, the Public Accounts Committee (PAC) referred to the nerve agent poisoning of double agent Sergei Skripal and his daughter Yulia, saying the incident has "heightened concerns about the UK's ability to respond to international threats".
The MPs warned that cyber attacks can have a "huge impact" on safety and security.
READ MORE: SNP accused of hypocrisy after failing to disclose meeting with Cambridge Analytica
The comments come after Britain and the US issued a formal alert about "maliciouscyber activity" by Russia.
The latest PAC report details how the Department of Health and Social Care (DHSC) and its arm's-length bodies were "unprepared" for the global WannaCry attack, which disrupted NHS services in May last year.
MPs said that the attack could have been "much worse" and that the NHS was "lucky" that the threat was tackled quickly.
They said that the attack was "relatively unsophisticated" in that it locked devices but did not seek to alter or steal data. But they warned: "Future attacks could be more sophisticated and malicious in intent, resulting in the theft or compromise of patient data."
The WannaCry attack, which occurred in May last year, affected more than 200,000 computers in at least 100 countries.
Data on infected computers was encrypted and users faced a ransom demand to unlock their devices.
READ MORE: Theresa May wins Commons airstrike vote but is accused of manipulating Parliament
A total of 80 of 236 NHS trusts across England suffered disruption, because they were either infected by the ransomware or had turned off their devices or systems as a precaution. The ransomware infected another 603 NHS organisations including 595 GP practices.
The health service was forced to cancel almost 20,000 hospital appointments and operations as a result and five A&E departments had to divert patients to other units.
The report states: "The NHS was lucky. If the attack had not happened on a Friday afternoon in the summer and the kill switch to stop the virus spreading had not been found relatively quickly, then the disruption could have been much worse.
"The DHSC and its arm's-length bodies were unprepared for the relatively unsophisticated WannaCry attack; they had not shared and tested plans for responding to a cyber attack, nor had any trust passed a cyber security inspection."
The PAC report states that the DHSC know more about NHS preparedness for a cyber attack now, but still have more to do to support trusts to meet required cyber security standards and to respond to a breach.
They concluded: "Although the Department and NHS bodies have learned lessons from WannaCry, they have a lot of work to do to improve cyber security for when, and not if, there is another attack.
"The recent shocking use of a nerve agent to poison those on British soil has heightened concerns about the UK's ability to respond to international threats, and hammers home the risks from those hostile to the UK.
"A cyber-attack is a weapon which can have a huge impact on safety and security. It needs to be treated as a serious, critical threat. The rest of Government could also learn important lessons from WannaCry."
READ MORE: SNP accused of hypocrisy after failing to disclose meeting with Cambridge Analytica
PAC chairwoman Meg Hillier said: "The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS.
"But the impact on patients and the Service more generally could have been far worse, and Government must waste no time in preparing for future cyber attacks - something it admits are now a fact of life.
"Meanwhile, this case serves as a warning to the whole of Government: a foretaste of the devastation that could be wrought by a more malicious and sophisticated attack. When it comes, the UK must be ready."
In an interview with the Press Association, Ms Hillier added: "With WannaCry it was a relatively lucky escape because of when it happened and how quickly it was fixed, it might not be so lucky next time.
"We had a glimpse of what could happen and it's a very big challenge to get this resolved, but it has got to be front and centre of the Government's thinking.
"One of the biggest areas where we need to be defending ourselves is on cyber security because the impact on our country and day-to-day lives could be immense."
A Department for Health and Social Care spokeswoman said: "Every part of the NHS must be clear that it has learned the lessons of Wannacry.
"The health service has improved its cyber security since the attack, but there is more work to do to protect data and patient care.
"We have supported that work by investing over £60 million to address key cyber security weaknesses - and plan to spend a further £150 million over the next two years to improve resilience, including setting up a new National Secure Operations Centre to boost our ability to prevent, detect and respond to incidents."
READ MORE: Theresa May wins Commons airstrike vote but is accused of manipulating Parliament
A spokesman for the National Cyber Security Centre said: "WannaCry was a wake-up call for everyone in the UK to prepare robustly for the very real cyber threats we face.
"Cyber security of the UK is a top priority for the Government, which is why £1.9 billion has been invested in the National Cyber Security Strategy and the National Cyber Security Centre (NCSC) has been opened.
"Part of our cyber security programme is focused on targeted investment in the public sector to make sure protection is as effective as it can be. This is only part of the answer and we are continually working with public sector organisations to help them assess and recognise the commitments they need to make as well."
Why are you making commenting on The Herald only available to subscribers?
It should have been a safe space for informed debate, somewhere for readers to discuss issues around the biggest stories of the day, but all too often the below the line comments on most websites have become bogged down by off-topic discussions and abuse.
heraldscotland.com is tackling this problem by allowing only subscribers to comment.
We are doing this to improve the experience for our loyal readers and we believe it will reduce the ability of trolls and troublemakers, who occasionally find their way onto our site, to abuse our journalists and readers. We also hope it will help the comments section fulfil its promise as a part of Scotland's conversation with itself.
We are lucky at The Herald. We are read by an informed, educated readership who can add their knowledge and insights to our stories.
That is invaluable.
We are making the subscriber-only change to support our valued readers, who tell us they don't want the site cluttered up with irrelevant comments, untruths and abuse.
In the past, the journalist’s job was to collect and distribute information to the audience. Technology means that readers can shape a discussion. We look forward to hearing from you on heraldscotland.com
Comments & Moderation
Readers’ comments: You are personally liable for the content of any comments you upload to this website, so please act responsibly. We do not pre-moderate or monitor readers’ comments appearing on our websites, but we do post-moderate in response to complaints we receive or otherwise when a potential problem comes to our attention. You can make a complaint by using the ‘report this post’ link . We may then apply our discretion under the user terms to amend or delete comments.
Post moderation is undertaken full-time 9am-6pm on weekdays, and on a part-time basis outwith those hours.
Read the rules here