UNDER THE MICROSCOPE
WILL POOLE
HEAD OF INCIDENT RESPONSE AT CYFOR SECURE
Will Poole, Head of Incident Response at CYFOR Secure, tells us about the escalating ransomware threat to the UK’s healthcare sector and the vital importance of building resilience and enhancing incident response to combat these cyberattacks.
The UK’s healthcare sector has been under tremendous strain since the pandemic. As hospitals struggle to clear patient backlogs that built up during COVID and cope with broader demographic changes, they must battle another persistent challenge. Ransomware has been on the radar of healthcare organisations (HCOs) since WannaCry caused widespread chaos in 2017. But it continues to imperil patient health and HCOs’ finances. The latest victim was the esteemed King Edward VII’s Hospital in Harley Street.
Ransomware actors continue to act with impunity from distant jurisdictions where they remain unpunished. So, what can healthcare CISOs do to respond? Building resilience and enhancing incident response will be key.
Why is healthcare so exposed?
No two HCOs are the same – even within the NHS. But organisations operating within the sector do often share some key traits which make them a more attractive target for ransomware. The first is the size and makeup of the typical attack surface. There are 1.5 million devices in the NHS alone. These range from home working laptops to legacy operational technology (OT) and modern IoT endpoints. They must all be patched, protected with secure authentication and properly managed. But it takes just one exposed endpoint and an untrained user to give an attacker the advantage.
OT equipment in particular is at risk as it often has a long lifespan and may therefore not support modern software and operating systems, making software updates a challenge. Over 1,200 pieces of diagnostic equipment were infected with WannaCry, according to a Lessons Learned review of NHS England.
That brings us to the second challenge: employees. As with organisations operating in any sector, people are often the biggest security weakness. That’s especially true of home workers, who may be more distracted or just more inclined to disobey security policy when away from the office. Yet when it comes to clinical environments, the pressure of the job combined with an increasing workload could also lead to human error.
It is errors like these that cybercriminals are hoping to precipitate when they send phishing emails to harvest credentials or covertly install malware.
Unfortunately, just a third (35%) of healthcare sector organisations have had cybersecurity training or awareness raising over the past year, according to government figures. The share was much higher in medium (52%) and large-sized businesses (77%).
Finally, consider the risks that come not from within the NHS trust or private healthcare provider itself, but are introduced by a large and growing supply chain. This could mean anything from cleaning companies and contractors to pharmaceuticals firms, academic institutions and software developers. A ransomware attack on UK software supplier Advanced impacted the NHS for weeks after the initial breach, including its key 111 helpline.
More recently, Ireland’s HSE admitted it was impacted by the MOVEit data theft campaign. Here, customers of the popular file transfer software had information stolen by a ransomware group that exploited a zero-day vulnerability in the code.
Add to these risk factors the low tolerance HCOs have for service outages, and the highly monetisable personal,
www.intelligenthealth.tech