Mark Hall, public sector director at Redcentric
The NHS is currently facing the second highest number of cyber security related incidents on record. As patient data is becoming increasingly more valuable to criminals and the rate at which attacks take place continues to grow, cyber security is now as critical as ever.
It was reported at the end of 2016 that almost 30 NHS trusts may have been targeted by ransomware attacks. Worryingly, since the release of the report there have been further reported instances, all with equally worrying consequences. In October, a cyber-attack on three hospitals forced management to shut down computer systems, which meant thousands of operations and appointments were cancelled. News of the breach surfaced a day after the chancellor Philip Hammond, launched the government’s National Cyber Security Strategy, which will see an investment of £1.9 billion to prevent damaging cyber-attacks.
Attacks of this size can have detrimental consequences for a hospital and its patients. For those living far away with scheduled operations or diagnoses and relying on organised transport, it can not only create inconvenience but could also impact health. This can also be the case for many already in the hospital. In some cases patients can be asked to move to another hospital while IT teams try to rectify the issue which could lead to temporary overcrowding. It’s also no secret healthcare providers are under pressure to stretch funding, therefore correcting an IT breach which could cost thousands can have a severe effect on budgets.
Around 44 per cent of all economic crimes committed against UK companies were carried out electronically, which is a record high. Healthcare is currently the most vulnerable sector ahead of financial services and manufacturing. Most of the attacks tend to be of the ransomware kind, where the hacker will gain access to the system and encrypt all data. Although the healthcare sector and patient data hasn’t always been a target for criminals, it has now become a key one. It is no longer just about identity theft but the wider possibilities of accessing to patient records. Criminals could gain access to prescription drugs, cancel appointments and alter patient record history all resulting in tremendous harm and stress. An attack like this also has the potential to make national headlines, fuelling others to make similar attacks.
NHS Digital has been commissioned by the Department of Health to develop a number of initiatives to improve cybersecurity for healthcare services. In late 2015, CareCERT was launched with the aim of offering advice and guidance to support health and social care services responding to cyber threats. NHS Digital is now able to analyse potential threats and benefit from the latest technological knowledge. CareCERT also monitors the NHS’s N3 network and ensures organisations are better protected against attacks. However, as of April 30th 2017, health services operating on N3 will have to transition to HSCN which has been designed to provide a reliable, efficient and flexible solution for healthcare services. The HSCN will support the NHS on its digital transformation journey while creating a secure and collaborative workplace that meets requirements.
The increased rate of data breaches on NHS trusts highlights how valuable patient data has become to criminals in recent years. The time has come for organisations throughout the healthcare sector to fully protect not only their own establishments, but also their patients from cyber attacks, or face the potentially crippling impact of cybercrime first hand.
