The NHS turned 75 last year and, for those working at the cybersecurity frontlines within the service it was an extraordinarily challenging year.
With NHS budgets stretched to breaking point, under-resourced and under-equipped NHS cybersecurity teams are struggling to protect existing systems from an ever-increasing range of threats. And, with new digital apps and services rolling out at pace for patients, the risks of breach are increased even further. Unfortunately, cybersecurity skills and modern tools are also in short supply.
It is therefore not surprising that NHS trusts are attractive targets to cyber criminals looking to gain access to highly confidential information of millions of patients and employees. In June, Barts Health NHS Trust, which runs five London hospitals and serves 2.5 million patients, was one of these casualties. The APLPHV ransomware gang, also known as BlackCat, claimed to have stolen 70 terabytes of sensitive data from the Trust in an incident it proclaimed to be the largest-ever breach of healthcare data in the UK. Also in June, a ransomware attack on the University of Manchester compromised the data of more than one million NHS patients.
TURNING POLICY TO ACTION
Thankfully, the challenges facing the NHS have not gone unnoticed, with the Department of Health and Social Care (DHSC) publishing the Cybersecurity Strategy for Health and Adult Social Care in March last year. The policy aims to achieve cyber resilience across the UK health sector by 2030, specifically “reducing the cyber security risk to health and social care organisations, protecting patient, service user and staff data, and implementing measures to ensure organisations are able to recover quickly from cyber-attacks when they do occur.”
Prioritising cybersecurity for the NHS through policy is a welcome step forward, but it is vital that this new strategy results in decisive action and deliverable plans – quickly. Without a doubt there is a long road ahead, but by working together healthcare organisations and the government can build cyber resilience across the NHS.
VISIBILITY WITHOUT COMPROMISING CYBERSECURITY
Cyber resilience starts with visibility, yet vast amounts of detailed information on the health and clinical histories of patients are routinely scattered across a wide range of back-end systems, in different formats, both structured and unstructured. This highly sensitive information includes electronic health records, lab results and medical images, as well data gathered from a growing range of newer digital services and devices. To compound the issue, cybersecurity teams are faced with a plethora of disparate security tools which can only ever provide siloed and disconnected visibility of the overall IT estate. These complex environments make protecting sensitive data and monitoring from suspicious activity difficult.
To detect and react to threats in real time, visibility is key. Security teams need to be able to see the bigger picture and take a consolidated approach which allows wide-ranging oversight across the entire healthcare infrastructure, not just elements in silo. Only then can they effectively analyse user behaviour and pinpoint anomalies in events and end-user activities.
Gaining this kind of visibility without compromising cybersecurity is typically achieved by implementing an appropriate SIEM (security information and event management) solution. The best of these will incorporate significant automation, helping to relieve some of the strain on cybersecurity teams by enabling real-time detection and swift resolutions.
AUTOMATION NOW AND IN THE FUTURE
It goes without saying that fast detection leads to more rapid response and it’s here that NHS cybersecurity teams need to focus now before it’s too late. AI is enabling increased attacks at greater speed and sophistication than ever before, but it’s also improving cyber defences. Automation in rules based SIEM technology can detect suspicious activity when key parameters are breached. Where possible, machine learning can resolve incidents independently, alerting security analysts to more complex situations using severity and risk scoring.
This type of technology does not have to add unnecessary burden to already strained budgets. Cost-efficient and reliable solutions exist. The Elastic SIEM solution, is one such example which provides security teams with visibility, threat hunting, automated detection and Security Operations Centre workflows. It already has a proven track record in helping organisations from all sectors, including healthcare, to eliminate blind spots and protect data and infrastructure, while simultaneously boosting efficiency and reducing costs.
Cyber-attacks are a real threat and can strike at any moment, so it’s crucial that organisations are equipped to minimise impact and time needed to recover from any incident, something which was also highlighted in the government’s strategy for cybersecurity resilience by 2030. However, this cannot be achieved unless action is taken today. By taking steps towards better visibility and supporting cybersecurity teams with automation, healthcare organisations can shore up their defences and mitigate risks from the ever-evolving threat landscape.
By Samantha Glutz, Head of Healthcare at Elastic
