Key tips for accelerating the health security compliance journey

By Jack Porter, Public Sector Specialist, Logpoint



Disruption or delays in health services can be extremely damaging.

In January 2023, President of the Royal College of Emergency Medicine, Dr Adrian Boyle, estimated that as many as 500 people might be dying each week owing to delays in emergency care.

While such a statement might raise questions over funding, resources or efficiency in bridging existing gaps, we’re increasingly seeing incidents where the ability of hospitals to effectively serve patients is taken out of their hands entirely.

Unfortunately, the number of instances in which cyberattacks significantly disrupt health services continues to grow – so much so, that today there are multiple examples where threat actors have contributed to fatalities. 

Back in 2019, a ransomware attack on Springhill Medical Center in Alabama caused disruptions that led to the tragic death of a newborn.

In 2020, meanwhile, a ransomware attack against Düsseldorf University Hospital resulted in a 78-year-old patient being diverted to another facility, where she later died.

In the UK, the NHS has not been immune to the issue of cyberattacks either. 

Indeed, a major cyberattack that occurred in August 2022 led to the outage of software used to access patient data across NHS 111, mental health trusts, community hospitals and out-of-hours GP services.

The disruption lasted weeks, resulting in significant safety risks such as patients being prescribed incorrect medications and dosages.

DSPT: What are health organisations required to do?

The motivations of threat actors targeting health organisations are often financial.

Healthcare is undoubtedly the highest-stakes industry – people's lives are dependent on the ability to access services around the clock.

Therefore, if that service provision can be impeded, then attackers know they stand a good chance of extorting their victims for cash. 

Statistics from Sophos’s The State of Ransomware in Healthcare 2023 report confirm this. Of the 73 per cent of healthcare organisations that had their data encrypted, 42 per cent reported that they paid the ransom requested by threat actors to recover their data.

In response, the UK government is implementing measures in an attempt to ensure that healthcare providers and their critical IT infrastructure become more robust in combatting potentially catastrophic attacks. 

Much of this endeavour will culminate in a new 2030 strategy aimed at bolstering cyber resilience in healthcare, a key part of which is the updating of the Data Security and Protection Toolkit (DSPT).

While DSPT was originally introduced as a guide to support healthcare providers in developing an improved security posture and minimising risks, this has since become a mandatory evidence-based system, requiring NHS entities to align their practices with 10 National Data Guardian (NDG) standards.

Of course, such measures are intended for good: to enhance the ability of health providers to combat attacks.

However, these new rules are being introduced at a time when the NHS is already under immense pressure – from an operational and workforce perspective, but also from a regulatory standpoint. 

According to the 2023 NHS Providers' Regulation Survey, more than half of respondents felt that the regulatory burden on their trust had increased.

And that’s only set to be heightened with the demands of DSPT.

Spanning aspects including personal confidential data, training, data access management, incident response, process reviews, continuity planning, and IT protection, achieving compliance across all 10 standards is no easy task. 

Therefore, it is vital that organisations leverage any key tools and support available to ease, accelerate and enhance their compliance journey.

But what solutions exactly should healthcare organisations be looking to embrace?

Key security features to prioritise

Enter security information and event management (SIEM) systems. 

Built with the intent of helping organisations to detect, analyse, and respond to security threats before they harm business operations, these can be an immense help in addressing some of the major points of compliance listed in the NDG standards.

With that said, not all SIEMs are made equal.

When considering which SIEM to opt for, healthcare organisations should keep an eye out for several features. 

First, they should opt for a solution that provides centralised log storage and big data platform capabilities that can scale to any organisation's size.

Any data held should also be indexed and searchable, while platforms should uphold data privacy functionality and role-based access to log data.

A good SIEM will also help administrators to quickly identify and address dormant accounts via simple audits, enabling them to remove privileged user access when no longer required or appropriate.

Ideally, this would all happen in an automated manner.

Ease of use is another important consideration.

Readable dashboards, alerts and reports should clearly highlight potential issues such as failed logins and bad password management practices, with some SIEMs capable of leveraging machine learning to automatically identify and flag unusual behaviour patterns.

Fourthly, integration with other third-party threat feeds is vital in the modern day.

This will offer key insights into evolving threats such as new payloads or malicious domains, to which security teams can respond accordingly. 

Embracing a converged SIEM is critical

It is not just about the features of a SIEM, of course.

Equally, it is important to consider support, scalability and cost. 

Organisations should look to work with providers that can help to ensure their systems are effectively implemented and continually used in an optimal manner to maximise their investments.

Further, they should prioritise policies for which the price structure is based on the number of devices, making budget considerations easier and more transparent.  

Of course, there is a lot to consider here.

Yet arguably the most important aspect is pursuing a strategy that is centred around a converged SIEM.

Critically, a converged SIEM allows organisations to take a holistic approach to security.

By prioritising the big picture over individual, isolated tools, firms will boost cost transparency and reduce the burdens on security teams faced with managing a variety of disparate solutions. 

By streamlining operations, security professionals will be freed up to focus on embracing key practices that align more closely with DSPT standards, ensuring greater ease of compliance for already stretched healthcare organisations. 
