In today’s digital landscape, every industry is a potential target for cybercriminals, but the healthcare sector is particularly vulnerable. This is unsurprising, given that many of the organisations that operate within this space handle vast amounts of sensitive patient data – including personal and medical records – day-in, day-out. If these records are stolen or tampered with, the consequences could be devastating, or even life-threatening. As a result, safeguarding health data has become critical.
Just last month, a cyberattack that impacted several London hospitals including King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust resulted in over 1,000 planned operations and 3,000 outpatient appointments being postponed. According to the founder of the UK’s National Cyber Security Centre (NCSC), this might not be an anomaly, thanks to the NHS’s outdated IT systems and lack of basic security practices.
Just like the infamous 2017 WannaCry attack, the incident serves as a reminder of the importance of data protection for healthcare organisations. With budget concerns and talent shortages rife throughout the sector, it’s easy to see why implementing robust cybersecurity strategies can slip down the priority list; however, in today’s digital landscape, it is a necessity.
A costly business
Research released last year revealed that three in four (76%) healthcare organisations around the world have experienced a successful ransomware attack and two thirds (65%) have experienced data loss from other types of attack. Almost half (43%) of those organisations consider data security as their primary risk. This comes ahead of economic uncertainty (39%) and the adoption of emerging technologies like AI (32%).
A cyberattack has the potential to destroy any business. When it comes to the healthcare industry, especially the UK’s National Health Service (NHS) which services a large portion of the population, an attack feels more personal. Its impact is widespread and unavoidable. At a base level, cyberattacks can disrupt medical services and cripple hospital operations. This is because, when systems are down, essential patient information is inaccessible. This can delay medical procedures and compromise patient care. It can also increase the risk of medical errors and negatively impact treatment outcomes.
Beyond this, cyberattacks also frequently result in hefty financial costs. Sometimes this takes the form of immediate ransomware payments; however, any prolonged downtime and recovery following an attack could also have an impact. In the healthcare space, it can be even more tempting to pay off the attackers, due to the sensitivity of the information they manage to get hold of.
Another implication which isn’t always considered is the impact a cyberattack will have in terms of patient trust. A cyberattack in which malicious actors manage to access sensitive data can lead to a loss of confidence in an organisation’s data safeguarding abilities and can seriously damage its long-term reputation.
Safeguarding the health industry against the inevitable
In today’s digital age, the question is not if a healthcare organisation will face a cyberattack, but when. With that in mind, those in the health sector must be ready to mitigate the effects and recover quickly. Here are some ways in which health organisations can improve their safeguarding and protect data from attackers:
- Implement a data backup and recovery plan designed to safeguard essential health data and ensure business continuity. Backup processes should capture all critical data and be executed at regular intervals. Coupled with a swift recovery process, data backup and recovery help minimise downtime and ensure business continuity when data is lost due to malicious activities.
- Invest in cyber awareness training. Develop and implement an ongoing cyber awareness programme to educate the entire organisation on the latest cyber threats and the policies to avoid them. The programme should be continually updated to reflect emerging threats and remain a critical line of defense in identifying and thwarting potential cybercrimes.
- Deploy advanced security technologies like firewalls, anti-malware tools, and intrusion detection systems that use AI and machine learning for predictive threat analysis and response.
- Regularly stress test and break systems to identify where the weak points are. Often organisations – especially within the public sector – implement security strategies and then wait until an incident occurs to see whether their framework is effective. With the regularity of attacks in the current landscape, this wait-and-see approach cannot adequately anticipate the scale at which breaches are attempted.
The ability to deliver effective healthcare services relies on data. It is what enables nurses and doctors to diagnose their patients, it is what ensures that patients are not given medication that they are allergic to, and it is what helps us as a society to develop life-saving treatments and innovations. Unfortunately, attackers know this, and they are not above using it to their advantage.
Whilst facing cyberattacks is inevitable for healthcare organisations, losing data doesn’t have to be. Data protection strategies and cybersecurity tools can enhance defense mechanisms and improve the healthcare industry’s ability to respond promptly to emerging threats.
By Oliver Norman, Regional Vice President for UK & Ireland at Veritas Technologies