NHS Cyber Attack - Time To Cure The Bug
17 August 2017 14:51
With news breaking of hospitals up and down the country having to divert emergency patients due to a large-scale cyber attack, the dark side of the cyber world has dimmed even further. The attack, believed to be a form of ransomware, has meant that the NHS is unable to use many of its IT systems.
The attack is just another example of why the NHS is in need of a cyber cure, and the quicker the better. There's a fitting comparison that describes the similarities between our health and the world of online security:
“Doctors tell us that getting a jab is the best protection against the flu, even though the effectiveness of the latest vaccine is based on last winter’s strain of the virus. In this respect, health is like online security: a new mutation will always expose a gap in your defences”.
These new ‘mutations’ are inevitable, as cyber criminals are constantly creating new ways to attack institutes… so how can our trusts cure these exposures?
Now, there might not be a cure as such, but there are certainly some steps that can be taken to reduce the frequency and damage of successful attacks. Cyber attacks, such as ransomware, have increased from over 1,500 in 2013-2014 to more than 7,000 cases in this financial year, with 34% of NHS trusts suffering attacks in the last 18 months. One of the biggest and most recent attacks on our institutes was this year's attack against Barts Health Trust, the largest trust in the country. Barts shut down many of its systems for four days, and has now clarified that the attack was a never-before-seen form of trojan malware.
These NHS trusts are in need of some vital components to be put in place, in order to combat this issue more efficiently.
Proven technology, such as comprehensive blacklisting and whitelisting, read-only access, context-aware controls, automated de-provisioning and adequate back-up, is among the vital parts that need to be implemented. There’s the concern that many NHS trusts still rely on legacy IT systems, such as Windows XP… something that can leave them significantly vulnerable to potential attacks.
Then there’s also the concern with the internal apps being used within the NHS. A Freedom of Information (FoI) request found that many trusts are not scanning these apps efficiently enough, and are potentially exposing patient data to cyber criminals. In fact, 45% admitted scanning only once a year and less than 8% do so on a daily basis.
These suggestions come with no illusions: healthcare providers are constantly under pressure to stretch funding, and correcting an IT breach can be very costly and can have severe effects on budgets.
But the importance of taking these steps is pivotal. Attacks against the NHS can, overall, have detrimental effects for an institute and its patients. For people with scheduled operations or diagnoses, it can create more than an inconvenience; it can potentially impact their health. Patients who are already in the hospital can be asked to move to another hospital whilst IT teams attempt to rectify the issue, resulting in overcrowding.
Digital cleanliness, proven technology and, of course, a culture of security-minded workers, could provide the effective dose to help sterilise these risks.