The cyberattack on NHS Dumfries and Galloway and London Hospitals are the latest breaches to highlight how very exposed the UK healthcare system is to cyber threats. With attackers claiming to have stolen three terabytes of data, this incident highlights the acute vulnerability of the NHS.
Ransomware and data theft pose the most persistent and significant threats. The NHS’s exposure to such risks highlights the need for a significant update to its cybersecurity approach, moving from one that focuses solely on attack prevention to comprehensive breach containment. Despite UK authorities laying out strategies to bolster cyber resilience across health and social care systems, it’s clear more needs to be done to strengthen the NHS’s defences against cyber threats.
Navigating cybersecurity challenges in NHS organisations
The critical nature of healthcare operations and the wealth of sensitive patient data makes the healthcare sector a lucrative target for cybercriminals. Ransomware attacks, especially extortion-only attacks, are becoming a preferred method for criminals, when it comes to healthcare. Threat groups aim to both steal sensitive data for resale and blackmail, and to cripple healthcare services to demand hefty ransoms.
In the case of NHS Scotland, we know they will follow the UK’s firm stance against complying with ransom demands. So, the real danger lies in the potential compromise of patient confidentiality and the risk to operational up-time and patient care.
With client safety on the line, Trusts like NHS Dumfries and Galloway must explore new ways to protect their infrastructure and data. This has become more challenging as healthcare organisations embrace digitalisation. Traditional security measures can be too rigid and slow compared to the dynamic nature of cloud-led environments used by NHS organisations.
Cloud migration: unveiling new security vulnerabilities
The cloud is one of the greatest points of vulnerability in the NHS. As healthcare organisations rapidly transition to cloud-based systems and digital records, patient care has significantly benefited from the increased agility these technologies provide. However, this shift has simultaneously expanded the cyberattack surface. Illumio’s Cloud Security Index research reveals that 39 percent of healthcare institutes globally faced annual losses exceeding $1.1m due to cloud breaches. The healthcare sector faced a total loss of over $2.5 million due to cloud breaches suffered either directly or indirectly.
Additionally, the constant need for uptime in healthcare means that these facilities seldom have the luxury to pause for maintenance or updates, and economic pressures and budgetary constraints further tighten the operational leash. Given the myriad of attack vectors and constrained resources, healthcare providers cannot possibly tackle every single threat. Consequently, adopting an assume attack strategy becomes imperative.
Operating under the assumption that attacks are inevitable is crucial for advancing towards a mature security strategy, such as Zero Trust. Far from conceding defeat, this approach equips providers to strategically manage and mitigate threats. It shifts the focus from merely trying to prevent unauthorised access to ensuring that once inside, the attackers movements are severely restricted and their impact minimised. This strategic shift involves understanding the attackers perspective to identify and protect critical assets effectively.
Advocating for Zero Trust in healthcare
Zero Trust is grounded in the ”never trust” always verify” principle, and is critical if healthcare organisations are to strengthen cyber defences and operational resilience. It requires stringent authentication for every network access, challenging the outdated assumption that credentials alone ensure security.
A key component of a Zero Trust strategy is Zero Trust Segmentation (ZTS), which applies the “never trust” principle to microsegmentation. Within this technology, NHS staff can access systems seamlessly, maintaining productivity without compromising security. The identity-based approach of ZTS fits easily into the NHS guidelines for segmentation, based on the five diagnostic pillars.
ZTS enforces strict identity checks for every network movement, effectively blocking unauthorised access. Just as a hospital won’t allow unauthorised personnel in operating theatres, ZTS fortifies critical network segments against unauthorised entry, thus protecting the NHS’s critical assets and patient data against cyber threats.
Empowering NHS institutions with Zero Trust Segmentation
Having the ability to effectively isolate and counteract threats is critical in preserving system integrity and patient data privacy. Adopting proactive breach containment approaches, such as ZTS boosts cyber resilience, whilst also ensuring compliance with legal and regulatory standards. This ultimately helps a healthcare institution to maintain its credibility, reputation, and keep its critical services operational.
ZTS begins with comprehensive network mapping to pinpoint potential vulnerabilities and key assets. Armed with this insight, organisations can implement stringent access controls governed by the least privilege principle, which restricts user and device access to only what is essential for their function.
Moreover, consistent monitoring and updating of cybersecurity protocols are imperative, especially in the context of the supply chain, which can be a significant vulnerability. The cyber incident involving Romanian hospitals earlier this year starkly reminds us that attackers exploit supply chain weaknesses to bypass robust security measures. It is essential to verify that suppliers implement robust controls, including Zero Trust principles, to protect against vulnerabilities effectively.
Overall, the healthcare sector must pivot to a defensive stance, anticipating breaches and adopting proactive risk-based security measures such as ZTS. This proactive approach, can help institutes like NHS Scotland to embody the never trust, always verify mantra. This stance is crucial for protecting patient information and ensuring continuous care against the backdrop of escalating cyber threats.
