It may not have been considered an early adopter sector, but healthcare is now embracing digitalisation. It was always coming – as demonstrated by the creation of the NHSX delivery plan – but the acceleration of digital transformation in healthcare due to the pandemic has been extraordinary.
Today, virtual consultations are the norm, as are prescriptions held in the cloud. In hospitals, beds are now connected devices, artificial intelligence (AI) is deployed for early cancer detection, and some operating theatres come with robotic arms for support. In a healthcare setting, there is now technology at every turn.
The downside of digitalisation
Unfortunately, this drive for digitalisation comes at a price. By virtue of expanding the technological footprint, a bigger target is created for bad actors. Health data – a constant target for cyber criminals given the personal information involved – has become more exposed. Indeed, every device, connection, and digital data point is now a potential window of attack.
For an NHS that’s already dealing with the strain of the patient backlog and staffing crisis exacerbated by the pandemic, it’s a major concern. The consequences of a cyberattack could be huge, from large fines to putting lives at risk.
Healthcare is a prime target
The National Cyber Security Centre (NCSC) tackled more than 2.7m attempted online scams last year. This included removing more than 1,400 NHS-themed phishing campaigns, an 11-fold increase on 2020, including fake messages about vaccine rollouts and certificates.
Apart from playing on people’s health concerns with targeted phishing campaigns, criminals are also targeting the healthcare sector directly. In May, a group of Russian hackers threatened to shut down British hospital ventilators after an alleged member of their cybercrime gang was arrested in the UK. Looking at data from the last six months, our April 2022 Threat Labs Report found that the healthcare sector was second only to individual consumers as the number one target of cybercriminals. In fact, healthcare was the second most targeted sector in Q4 2021, bearing 12% of total attack detections. In the face of such relentless and targeted criminality, the key question for the NHS is – what can be done?
Collaboration is key
According to our Cyber Readiness Report, 86% of British security professionals think there is room for improvement in the level of cybersecurity partnerships between the government and organisations. While investing in more modern cybersecurity solutions can minimise risk for the NHS, government support needs to go beyond budget. It should extend to working more closely with the cybersecurity sector to maximise the benefits of public-private partnerships, particularly focusing on cyber threat intelligence sharing.
Healthcare needs to be agile
The NHS and its infrastructure needs to be agile. As digital transformation continues in the sector, adaptive security will become even more important. Organisations within the NHS can improve their front line of defence by implementing an intelligent, proactive security system that can constantly reshape itself to match a specific threat landscape.
Improving automation, remediation, and resiliency capabilities will be crucial to defending against increasingly sophisticated attacks. With machine learning and AI, the NHS can gain the insight needed to predict and prevent emerging threats targeting healthcare institutions, identify root causes, and automate processes to enable a quick response – anticipating new threats and adjusting to keep attackers at bay.
Integrate security operations
After years of gradual digitalisation, many NHS organisations are now working with a patchwork of cybercrime and cybersecurity solutions. This can create challenges: alerts get missed and the IT security team’s time is wasted pivoting between tools to look for anomalies.
To address these SecOps challenges, organisations should consider evolving their siloed security by implementing a flexible, scalable XDR (extended detection and response) architecture that can seamlessly integrate with their current security tools. When data is fed into a centralised platform and correlated with other data in a native and open environment, alerts become actionable, SecOps team achieve single pane-of-glass visibility into every system and security gaps can be removed.
Employee training is also critical, given the increase in phishing and email-based scams. It is essential they understand cyber threats and their role in mitigating incidents. Basic cybersecurity hygiene training for staff improves cyber resilience.
NHS must adapt and evolve as fast as cybercrime
The NHS has come a long way, but now is not the time to slow down. More devices, more connections and an increasing reliance on technology to run day-to-day operations requires a new approach to cybersecurity: swapping static, siloed security for embedded ‘living security’ that can flex to match the threat landscape. Only then can the NHS adapt and evolve as fast as cybercrime criminals do, ensuring that digitalisation doesn’t open the organisation up to attack.
By Fabien Rech, VP EMEA, Trellix
