Thursday 11th May. The frequency of attacks on NHS organisations is intensifying as attackers identify the value of sensitive patient data. For many NHS organisations keeping workloads safe in their own data centres, and in the Cloud, is becoming an increasingly difficult task.
Breaches are the top privacy and security concern in health and life sciences organisations, according to global research conducted by Intel in 2016.
In October 2016, hospitals run by North Lincolnshire and Goole NHS Foundation Trust were hit by a major cyber attack. They were forced to shut down key systems and cancel patient appointments to isolate the issue.
Given the ever-tighter integration with the local health economy, the issue also impacted GP and community health services. Other recent examples include the UK's largest Trust, Barts Health, which became the victim of a Trojan malware breach, and multiple Trusts that saw their corporate homepages defaced, including Dudley and Walsall Mental Health Partnership NHS Trust.
Cyber attacks like this can have dire consequences. Systems get shut down, patient appointments can get cancelled and attacks can even result in demands for ransom payments.
Back in October 2016 the Government warned about the risk of cyber attacks in the NHS: “Hacking is no longer the stuff of spy thrillers and action movies, but a clear and present threat.”
UK Healthcare Security Trends
OCSL is working closely with Microsoft & Intel in the UK to conduct a Healthcare Security Readiness Programme. The Programme is designed to help Trusts understand where they stand in terms of maturity, priorities and breach-security capabilities.
Some interesting trends have started to emerge from the 19 health organisations that have already conducted the programme in the UK:
• UK healthcare organisations outperformed Global ones in capabilities such as User Awareness Training or Endpoint Device Encryption. However, they are lagging behind in Security Information & Events Management and Threat Intel.
• One of the least mature capabilities overall in UK Health organisations is Network Data Loss Prevention (Prevention Mode). Astonishingly, only 6% of organisations have it.
• 82% of respondents listed Cyber crime hacking as a high priority, followed by Ransomware (75%) and Insider Accidents or Workarounds (63%) as medium/high priorities.
Healthcare Security Readiness Programme
If you’re interested in taking part in the programme, OCSL’s experts will take you through an initial 1 hour discussion. We’ll help identify your organisation's approach to security, including eight types of breaches and 42 security capabilities.
Following this, we'll provide a comprehensive and confidential report that shows how you compare with the broader UK health industry.
The real value, however, is a targeted action plan including recommendations on where your organisation can take both immediate and strategic steps to increase your breach preparedness.
There is no simple answer to securing your environment, but understanding your organisation's readiness is a key first step. We’ll help you explore these limitless possibilities and see new perspectives.
• Initial 1 hr exploration discussion
• Confidential report illustrating your current security position
• Targeted action plan & recommendations
Please contact me if you have any questions regarding the report or would like to book the complimentary workshop.
Update: in light of the cyber attack of Friday 12th May I've also published a second thought piece in follow up to this original one. To read 'What happens when reality hits: Cyber Attacks in the NHS' click here.