In some ways, hospitals might as well have been designed to be exploited by ransomware gangs. As facilities delivering centralised healthcare to thousands of people every single day, the stakes involved in keeping them running 24 hours a day, seven days a week are literally life and death. Hospitals also run on depressingly old legacy systems, operated by sleep-deprived doctors and nurses with little or no time for cyber-awareness training.
That vulnerability is reflected in the data. According to Sophos's latest State of Ransomware in Healthcare report, some 34% of healthcare organisations were struck by ransomware in 2020. Meanwhile, 65% of the hospitals and surgeries hit last year reported that the attackers succeeded in encrypting their data, leaving the organisation facing an expensive ransom demand on top of the disruption itself.
Fortunately, the UK healthcare sector's cyber defences have grown significantly stronger since then. Not only has the government set up a dedicated organisation, the NHS Cybersecurity Operations Centre (CSOC), to keep a watchful eye on threats to hospital networks, but it has also introduced measures to ensure standardisation of systems, regular upgrades, and training for frontline staff to safeguard against future phishing and ransomware attacks.
Arrival of the ICS
Sophos's latest white paper, 'Cybersecurity for Integrated Care Systems in England', details further reforms the NHS will undergo with the arrival of 42 new integrated care systems. ICSs are new organisational frameworks that bring together local hospitals, nursing homes, GP surgeries and other clinics to deliver healthcare across a wide geographic area, and they replace the clinical commissioning groups introduced by the Health and Social Care Act 2012. The government hopes that, in time, these new frameworks will result in greater collaboration between healthcare providers and improve overall population health.
Accompanying the arrival of ICSs will be a new emphasis on cybersecurity, all the more important given the reforms' emphasis on sharing more data across networks. More sharing naturally creates new points of weakness that cybercriminals will undoubtedly attempt to exploit. As such, CIOs face three key challenges as the NHS undergoes its next phase of digital transformation: reducing the complexity of systems across ICSs; upholding security standards rigorously; and training staff in how to use new technologies and applications in AI, cybersecurity, and the cloud.
Long-term security strategies
Training is particularly important in this regard. More often than not, critical systems are compromised because someone inside the organisation effectively let the attackers in, usually by clicking a link in an email that did not look suspicious at all. As such, staff across the NHS in all roles need to be educated about the risks of interacting with people outside the organisation through digital channels, by completing the Data Security Awareness Training mandated by the NHS's recently introduced Data Security and Protection Toolkit.
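To make concrete what "a link that did not look suspicious at all" means, here is an added example (not code from the article, Sophos or the NHS) that pulls the anchors out of an HTML email and flags two classic deceptions: the visible link text names one host while the href goes to another, and an href whose domain merely imitates one of the organisation's own. The TRUSTED_DOMAINS set and the sample email are assumptions constructed for the illustration.

```python
"""Flag deceptive links in an HTML email.

Added illustration for this article; not code from Sophos or the NHS.
Two checks are shown: (1) the anchor's visible text names one host but
its href points at another; (2) the href host is not one of ours but
imitates one of our domains.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical list of the organisation's own domains (assumption, not from the article).
TRUSTED_DOMAINS = {"nhs.uk"}


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased hostname of a URL; bare domains get a scheme prepended."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def looks_like_url(text):
    """True when the visible link text itself reads as a URL or domain."""
    t = text.lower()
    if t.startswith(("http://", "https://")):
        return True
    return "." in t and " " not in t and "@" not in t


def imitates_trusted(host):
    """Crude lookalike test: a trusted name survives once dots/hyphens are stripped."""
    squashed = host.replace(".", "").replace("-", "")
    return any(d.replace(".", "") in squashed for d in TRUSTED_DOMAINS)


def suspicious_links(html):
    """Return [(href, reason)] for every anchor that fails a check."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        host = host_of(href)
        if looks_like_url(text) and host_of(text) != host:
            findings.append((href, "visible text names " + host_of(text) + " but href goes to " + host))
        elif not is_trusted(host) and imitates_trusted(host):
            findings.append((href, "host " + host + " imitates a trusted domain"))
    return findings


# Constructed sample message (not a real phishing email).
SAMPLE_EMAIL = """
<p>Your smartcard password expires today. Reset it now:</p>
<a href="https://nhs-uk-login.example/reset">https://www.nhs.uk/reset</a><br>
<a href="https://portal.nhs.uk/staff">Staff portal</a><br>
<a href="https://login.nhs.uk.secure-portal.example/">Sign in</a>
"""

if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print(f"SUSPECT {href}: {reason}")
```

Run against the sample, the first and third links are reported and the genuine staff-portal link is not. The lookalike test is deliberately crude: a real mail gateway would use a public-suffix list and reputation data, but the two checks shown are exactly what awareness training asks a clinician to do by eye, hovering over a link and comparing what it says with where it goes.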
IT departments also need to use Endpoint Detection and Response (EDR) tools to monitor internal networks for suspicious activity. As the report points out, however, running EDR well requires expertise and time, not least because of the false positives the system frequently throws up as it hunts for malicious activity on the network. Consequently, it would be wise for IT departments across ICSs to invest in Managed Detection and Response (MDR) services, which combine experienced cybersecurity professionals with sophisticated AI technology to detect, hunt and respond to suspicious activity around the clock.
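The false-positive burden described above is easiest to see with a single detection rule and the tuning it needs. The following is an added example, not Sophos EDR logic or NHS telemetry: it runs an "Office application launches a script interpreter" rule over constructed process-creation events, then applies an allowlist so a known business process is suppressed and analysts see only the remainder. Hostnames, paths, command lines and the FinanceAddin allowlist entry are all made up for the illustration.

```python
"""Office-spawns-script detection over process-creation events, with an allowlist.

Added illustration for this article; not Sophos EDR logic or NHS telemetry.
The rule catches the common phishing follow-on where a document or mail
client launches a script interpreter. The allowlist shows how a known
business process is tuned out so analysts only see the remainder.
"""

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed sample events (hostnames, paths and commands are made up).
EVENTS = [
    {"host": "ward-pc-01",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc JABjAD0AJwBoAHQAdABwAA=="},
    {"host": "ward-pc-02",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c whoami & net user"},
    {"host": "finance-pc-07",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\Program Files\FinanceAddin\refresh.ps1"},
    {"host": "ward-pc-03",
     "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe Get-Process"},
    {"host": "ward-pc-04",
     "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "image": r"C:\Windows\splwow64.exe",
     "cmdline": "splwow64.exe"},
]

# Hypothetical tuning entry: a finance add-in legitimately runs this script from Excel.
ALLOWLIST = [
    {"parent": "excel.exe", "cmdline_contains": r"\FinanceAddin\refresh.ps1"},
]


def basename(path):
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def matches_rule(event):
    """Office application directly launching a script interpreter."""
    return (basename(event["parent"]) in OFFICE_PARENTS
            and basename(event["image"]) in SCRIPT_CHILDREN)


def is_allowlisted(event, allowlist):
    """Known-good exception: same parent and the expected command-line fragment."""
    parent = basename(event["parent"])
    cmd = event["cmdline"].lower()
    return any(entry["parent"] == parent and entry["cmdline_contains"].lower() in cmd
               for entry in allowlist)


def triage(events, allowlist=()):
    """Split rule hits into (alerts, suppressed) using the allowlist."""
    alerts, suppressed = [], []
    for event in events:
        if not matches_rule(event):
            continue
        if is_allowlisted(event, allowlist):
            suppressed.append(event)
        else:
            alerts.append(event)
    return alerts, suppressed


if __name__ == "__main__":
    untuned, _ = triage(EVENTS)
    tuned, quiet = triage(EVENTS, ALLOWLIST)
    print(f"untuned: {len(untuned)} alerts; tuned: {len(tuned)} alerts, {len(quiet)} suppressed")
    for e in tuned:
        print("ALERT", e["host"], basename(e["parent"]), "->", e["cmdline"])
```

Untuned, the rule fires three times; with the allowlist it fires twice and the finance workstation's scheduled refresh is filed as suppressed rather than dropped, so it can still be reviewed if the allowlist is ever abused. Note that the exception is scoped to both parent and command-line fragment: allowlisting powershell.exe from Excel outright would also hide the encoded-command case on the first event.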
Securing the NHS in the long term
As the NHS prepares to implement the new regime of ICSs, IT departments and frontline staff alike will have to consider how best to secure systems collaboratively. That means not only relying on EDR tools and MDR teams to identify and contain threats, but also training staff to recognise those threats, and planning ahead so that new systems can integrate securely with the legacy systems they will sit alongside.
In that respect, Sophos is standing by to offer clients across the healthcare sector cybersecurity support to suit their needs. That comes in the form of dedicated MDR teams working 24/7 to secure systems, as well as a suite of security products and services designed to work together from the Sophos Central platform, giving the user full visibility of their estate. Used together, these services allow clients to pursue intelligent cybersecurity strategies across complex, sprawling networks, safeguarding patient data from attack and denying cybercriminals new opportunities to exploit systems designed, in the end, to save lives.