NHS hospitals are still vulnerable to a cyber attack despite lessons learned in the WannaCry hack in 2017, a report has warned.
Tech leaders say outdated computer systems, a lack of investment and a gap in skills and awareness is threatening the health service.
Health chiefs have now been told to urgently pump more money into IT security to protect hospitals’ and doctors’ computer systems.
Imperial College London’s Institute of Global Health Innovation raised the concerns in their White Paper on NHS Cyber Security.
It said cyber attacks on hospitals can leave medical staff unable to access patient details – such as blood test results or X-rays.
They can also prevent life-saving medical equipment or devices from working properly, and in some cases lead to patient data being stolen.
The report warned the risk of another cyber attack is growing as the NHS begins to use more artificial intelligence, digital medicine and robotics.
Health Secretary Matt Hancock has spoken openly about his grand plans for a ‘digital revolution’ in the health service.
The NHS was crippled by the WannaCry cyber attack in May 2017, carried out by a North Korean espionage group
Lord Ara Darzi, co-director of the IGHI, said: ‘We are in the midst of a technological revolution that is transforming the way we deliver and receive care.
‘But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel.
‘For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS – and therefore our nation’s health – are secure.’
The NHS was crippled by the WannaCry cyber attack in May 2017, which was believed to have been carried out by a North Korean espionage group.
It disrupted 80 trusts across England alone with them were either infected by the ransomware or had to turn off their devices as a precaution.
The virus, which spread via email, locked staff out of their computers and demanded £230 to release the files on each employee account.
Locked-out medics had to rely on pen and paper, while crucial equipment such as MRI machines was also disabled by the attack.

The WannaCry virus, which spread via email, locked staff out of their computers and demanded £230 to release the files on each employee account
The health service was forced to cancel almost 20,000 hospital appointments and operations as a result of WannaCry, a report later revealed.
Five A&E departments even had to divert ambulances away at the peak of the crisis. The attack lasted for around four days.
However, the authors of this report warn WannaCry was unsophisticated – and that the number and quality of attacks on the NHS is rising.
The report collected evidence from NHS organisations and examples of previous cyber attacks in the UK and across the globe.
It outlined a number of crucial measures that NHS trusts need to implement to slash the risk of being disrupted by another attack.
These include employing cyber security professionals in their IT staff, and allowing staff to easily access help on cyber security.
It also recommends building ‘fire-breaks’ into computer systems to allow certain segments to become isolated if infected with a virus.
Hackers may use any of a number of tricks to gain access to computers, such as attaching a virus to an email.
Lord Darzi said: ‘This report highlights weaknesses that compromise patient safety and the integrity of health systems.
‘So we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber attacks.’
‘Since the WannaCry attack in 2017, awareness of cyber attack risk has significantly increased,’ said Dr Saira Ghafur, lead author of the report.
However, she added further awareness and improved cyber security ‘hygiene’ is needed ‘to counteract the clear’ threat.
‘The effects of these attacks can be far-reaching,’ Dr Ghafur added, saying medical records could be tampered with.
She said: ‘Addressing the issue of cyber security will take time, as we need a shift in culture, awareness and infrastructure.
‘Security needs to be factored into the design of digital tools and not be an afterthought.
‘NHS trusts are already under financial pressure, so we need to ensure they have the funds available to ensure robust protection against potential threats.’
The WannaCry attack cost the health service £92million, a Department of Health and Social Care report in October revealed.
Around £72million was spent on IT support in the wake of the virus, while a further £20million was added to the bill from ‘lost output’.
In response, the Government said all health trusts should make plans to upgrade their cyber security, in a move which could cost up to £1billion.
But leaked emails revealed that NHS chiefs were reluctant to pay for the higher protection, saying it ‘would not be value for money’.
Last year, the health service also announced plans to spend £150million on cyber security over the next three years.
In February, a new joint unit known as NHSX was revealed to work on the health service’s digital transformation.