Connect with us


Cybercrime and its impact on the healthcare sector – what can the NHS do?

By Fabien Rech, VP EMEA, Trellix



Cybercrime and its impact on the healthcare sector - what can the NHS do?

One of the few positive outcomes of the pandemic has been the rapid shift of traditionally ‘late adopter’ industries towards digitalisation. Nowhere is this better exemplified than healthcare.

These days virtual consultations are the norm, as are prescriptions held in, and distributed via, the cloud.

In a hospital setting, beds are now connected devices, artificial intelligence (AI) is helping with everything from early cancer detection to image scanning and some operating theatres come with robotic arms for support.

In a healthcare setting, there is now technology at every turn.

Effective cyber security has never mattered so much

While there are many clear and obvious benefits to this advance in technology use, it does come with a downside.

Health data – always a target for cyber criminals due to the wealth of personal information it involves – has not only become incredibly rich, but also more exposed. Every device, connection, and digital data point is a potential window of attack.

For an NHS that’s already dealing with the strain of the patient backlog and staffing crisis exacerbated by the pandemic, it’s a worrying situation. The consequences of a cyberattack could be huge, from monetary costs to impacting patient care quality.

The healthcare sector is under attack

According to the National Cyber Security Centre (NCSC), it tackled more than 2.7m attempted online scams last year.

This includes removing more than 1,400 NHS-themed phishing campaigns, an 11-fold increase on 2020, including fake messages about vaccine rollouts and certificates.

Our recent Threat Labs Report (April 2022) found that the healthcare sector was second only to individual consumers as the number one target of cybercriminals over the last six months.

In fact, healthcare was the second most targeted sector in Q4 2021, bearing 12 per cent of total attack detections. But, in the face of such relentless and targeted criminality, the key question is – what can be done?

Room for improvement

According to our recent Cyber Readiness Report, 86 per cent of British security professionals believe there is room for improvement in the level of cybersecurity partnerships between the government and organisations.

While investing in more modern cybersecurity solutions can minimise risk for the NHS, government support needs to go beyond carving out sufficient budget for this investment.

It should extend to working more closely with the cybersecurity sector to maximise the benefits of public-private partnerships, from cyber threat intelligence sharing to defensive product interoperability.

Best positioning the NHS for facing threats

As the healthcare sector continues its digital transformation and the attack surface expands further, adaptive security will become even more important.

By implementing an intelligent, proactive security system that can constantly reshape itself to match a specific threat landscape, organisations within the NHS can improve their front line of defence.

To combat cybercriminals today, organisations must also improve their automation, remediation, and resiliency capabilities to defend against increasingly sophisticated attacks.

With machine learning and AI, they can gain the insight needed to predict and prevent emerging threats, identify root causes, and automate processes to enable a quick response – anticipating new threats and adjusting to ensure they remain protected.

Simplify and integrate security operations

After years of gradual digital transformation, many NHS organisations are dealing with a patchwork of technology and cybersecurity solutions today. This can create challenges for IT security teams: alerts get missed and time is wasted pivoting between tools to search for anomalies.

To address these SecOps challenges, organisations should consider evolving their siloed security by implementing a flexible, scalable XDR (extended detection and response) architecture that can seamlessly integrate with their current security tools.

When data is fed into a centralised platform and correlated with other data in a native and open environment, alerts become actionable, SecOps team gain single pane-of-glass visibility into every system and security gaps can be eliminated.

Staff training

It is also essential that employees understand cyber threats and their role in mitigating incidents. Phishing emails have become more frequent and sophisticated during the pandemic.

Educating employees, providing strong governance, and implementing basic cybersecurity hygiene training can all assist in building cyber resilience within the NHS.

Great strides forward in cyber defence

The NHS must keep advancing to make the most of technological innovation and continue providing the best possible patient care.

Yet ongoing digitalisation must be partnered with implementing living security that can adapt to not only meet the NHS’ needs, but also evolve as fast as cybercriminals do.

Continue Reading
1 Comment

1 Comment

  1. Pingback: Health and Social Care Northern Ireland secures specialist support for largest ever digital transformation programme

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending stories