Health Technologies

Key tips for accelerating the health security compliance journey

Disruption or delays in health services can be extremely damaging.

In January 2023, President of the Royal College of Emergency Medicine, Dr Adrian Boyle, estimated that as many as 500 people might be dying each week owing to delays in emergency care.

While such a statement might raise questions over funding, resources or efficiency in bridging existing gaps, we’re increasingly seeing incidents where the ability of hospitals to effectively serve patients is taken out of their hands entirely.

Unfortunately, the number of instances in which

While the Data Security and Protection Toolkit (DSPT) was originally introduced as a guide to support healthcare providers in developing an improved security posture and minimising risks, it has since become a mandatory evidence-based system, requiring NHS entities to align their practices with 10 National Data Guardian (NDG) standards.

Of course, such measures are intended for good: to enhance the ability of health providers to combat attacks.

However, these new rules are being introduced at a time when the NHS is already under immense pressure – from an operational and workforce perspective, but also from a regulatory standpoint. 

Looking at the 2023 NHS Providers’ Regulation Survey, more than half of respondents felt that the regulatory burden on their trust had increased.

And that’s only set to be heightened with the demands of DSPT.

Spanning aspects including personal confidential data, training, data access management, incident response, process reviews, continuity planning, and IT protection, achieving compliance across all 10 standards is no easy task. 

Therefore, it is vital that organisations leverage any key tools and support available to ease, accelerate and enhance their compliance journey.

But what solutions exactly should healthcare organisations be looking to embrace?

Key security features to prioritise

Enter security information and event management (SIEM) systems. 

Built with the intent of helping organisations to detect, analyse, and respond to security threats before they harm business operations, these can be an immense help in addressing some of the major points of compliance listed in the NDG standards.

With that said, not all SIEMs are made equal.

When considering which SIEM to opt for, healthcare organisations should keep an eye out for several features. 

First, they should opt for a solution that provides centralised log storage and big data platform capabilities that can scale to any organisation’s size.

Any data held should also be indexed and searchable, while platforms should uphold data privacy functionality and role-based access to log data.

A good SIEM will also help administrators to quickly identify and address dormant accounts via simple audits, enabling them to remove privileged user access when no longer required or appropriate.

Ideally, this would all happen in an automated manner.

Ease of use is another important consideration.

Readable dashboards, alerts and reports should clearly highlight potential issues such as failed logins and bad password management practices, with some SIEMs capable of leveraging machine learning to automatically identify and flag unusual behaviour patterns.

Fourthly, integration with third-party threat feeds is vital in the modern day.

This will offer key insights into evolving threats such as new payloads or malicious domains, to which security teams can respond accordingly. 

Embracing a converged SIEM is critical

It is not just about the features of a SIEM, of course.

Equally, it is important to consider support, scalability and cost. 

Organisations should look to work with providers that can help to ensure their systems are effectively implemented and continually used in an optimal manner to maximise their investments.

Further, they should prioritise policies for which the price structure is based on the number of devices, making budget considerations easier and more transparent.  

Of course, there is a lot to consider here.

Yet arguably the most important aspect is pursuing a strategy that is centred around a converged SIEM.

Critically, a converged SIEM allows organisations to take a holistic approach to security.

By prioritising the big picture over individual, isolated tools, firms will boost cost transparency and reduce the burdens on security teams faced with managing a variety of disparate solutions. 

By streamlining operations, security professionals will be freed up to focus on embracing key practices that align more closely with DSPT standards, ensuring greater ease of compliance for already stretched healthcare organisations. 
