The battle between the NHS and cyber criminals continues to be fought as hospital trusts are still enduring crippling attacks.
The NHS is currently facing the second highest number of cyber security related incidents on record. As patient data is becoming increasingly valuable and the role of IT seen as ever more crucial in healthcare, trusts are now a prime target for criminals.
Only last month, the largest NHS hospital trust became infected by a suspected
ransomware virus, resulting in parts of its IT systems being taken offline as a precaution. It is still unknown what caused the attack but it is thought that thousands of sensitive patient files were affected.
This incident came just months after another large scale attack on Lincolnshire and Goole NHS Foundation Trust, which saw the cancelation of thousands of operations over four days. It was confirmed that a ransomware attack caused the temporary downtime and cancelation of 2,800 appointments. After carrying out a rigorous recovery strategy, systems were up and running just 48 hours after raising the alarm.
Attacks of this size can have detrimental consequences for a hospital and its patients. For those living far away with scheduled operations or diagnoses and relying on organised transport, it can not only create inconvenience but could also impact health.
This can also be the case for many already in the hospital. In some cases patients can be asked to move to another hospital while IT teams try to rectify the issue which could lead to temporary overcrowding. It’s also no secret healthcare providers are under enormous pressure to stretch funding, therefore the process of correcting an IT breach, which could cost thousands of pounds, can have a severe effect on budgets.
Earlier this month it was reported that one third of UK health trusts suffered cyber attacks over the past 18 months. A staggering 87 of 260 trusts were hit by ransomware virus – making 34 per cent of all attacks. In most cases, a ransomware attack is just a threat but even without action files will still be encrypted. It’s not clear how many hospital trusts have actually paid a fee, but research suggests that at least five of the seven trusts to be successfully hit are likely to have done so.
Around 44 per cent of all economic crimes committed against UK companies were carried out electronically in the past two years, which is a record high. Healthcare is currently the most vulnerable sector, ahead of financial services and manufacturing. Although healthcare and patient data hasn’t always been a target for criminals, it has now become a key one.
It is no longer just about identity theft but the wider possibilities of accessing patient records. Criminals could gain access to prescription drugs, cancel appointments and alter patient record history all resulting in tremendous harm and stress. Such attacks also have the potential to make national headlines, which could potentially fuel others to follow suit.
NHS Digital has been commissioned by the Department of Health to develop a number of initiatives to improve cybersecurity for healthcare services. In late 2015, CareCERT was launched with the aim of offering advice and guidance to support health and social care services responding to cyber threats.
NHS Digital is now able to analyse potential threats and benefit from the latest technological knowledge. CareCERT also monitors the NHS’s N3 network and ensures organisations are better protected against attacks. However, as of April 30th 2017, health services operating on N3 must transition to HSCN which has been designed to provide them with a reliable, efficient and flexible solution. The HSCN will support the NHS on its digital transformation journey while creating a secure and collaborative workplace that meets requirements.
The healthcare sector continues to move towards digitalisation; electronic record keeping, patient portals and remote patient monitoring are just a few examples of how technology is currently being used within trusts.
The increased rate of data breaches on NHS trusts highlights how valuable this patient data has become to criminals in recent years and there’s no sign of these attacks slowing down. Therefore, the time has come for organisations throughout the healthcare sector to fully protect not only their own establishments, but also their patients from cyber attacks, or face the potentially crippling impact of cybercrime first hand.