The ongoing barrage of cyberattacks across key business sectors serves to highlight the resilience – or vulnerability – of the UK’s critical national infrastructure, and we’ve seen a lot of talk in the media about national cyber resilience.
The online chatter was further bolstered by the UK announcement in the King’s Speech that the government intends to bring a new Cyber Security and Resilience Bill before Parliament.
The government says its proposed new bill comes in response to attacks on the UK digital economy by both cybercriminals and state actors, which have affected both public services and infrastructure.
As a case in point, the recent Russian cyberattack on private pathology company Synnovis, which provides services to the UK’s NHS, has caused widespread disruption to patient services, with some patients now facing waits of up to six months for blood tests.
The healthcare sector is a prime target for malicious cyber-attacks due to the vast amounts of sensitive patient data stored by healthcare providers. This data is often shared through interconnected and interoperable systems across a wide spectrum of third-party vendors, as well as OT and ICS type devices. A successful cyberattack can lead to data theft, exposing patients to identity theft, financial fraud, potential terrorism and even blackmail.
For a healthcare organisation, the financial impact of a breach can be immense, with potentially life-threatening consequences. For example, if care-related systems go down due to an attack, losing access to an eMAR or digital care planning system could result in life-saving medication not being administered or the inability to access digital care records.
To minimise the impact of an incident, healthcare providers should consider the following measures:
Conduct comprehensive end-user awareness training: Ensure all staff understand phishing and social engineering techniques, for example. Not every member will have a technical background, but everyone should recognise and understand that they share a common cyber risk.
Maintain regular immutable backups: Ensure these backups are from a verified ‘safe’ state and stored offline. The integrity and regularity of backups are crucial for eradicating threats if a reboot or rebuild is required.
Leverage centralised log systems: Use systems like Security Information and Event Management (SIEM) to increase log retention and availability during incident analysis. Effective defence requires visibility and management of systems.
Identify assets storing sensitive data: Implement strong identity and access controls along with proper network segmentation. The introduction of IoT medical devices means reconfiguring firewalls and zones with strict policies, enhancing operational management through federated identity and access control.
Implement strict identity policies for remote services: Use multi-factor authentication (MFA) for all internet-accessible remote access. Better still, implement the use of hardware tokens or biometric authentication as part of MFA.
Patch all devices rigorously: Conduct thorough reviews on device types, utilisation and rollout success. This can be particularly challenging in healthcare environments due to some devices and applications being incompatible with newer patches.
By adopting measures such as these, healthcare organisations can better protect their systems and sensitive patient data from cyber threats.
