Intelligent Health.tech Issue 17 | Page 63

DIGITAL DIAGNOSTICS

Having worked as a developer, penetration tester and security consultant for nearly 20 years, Laurie Mercer, Security Architect at HackerOne, shares insight into the potential role of ethical hackers in protecting the healthcare sector.

The healthcare industry is facing a relentless barrage of cyberattacks and the situation is unlikely to improve in the short term. Research surrounding publicly disclosed breaches has shown that between January and September last year, healthcare suffered more attacks than any other sector, with 241 incidents reported. To compound matters, the sector also took the top place for the highest remediation costs and has now held this unenviable position for 13 consecutive years.

As a result, the government has put forward a strategy to strengthen cyberresilience in health and adult social care by 2030. While acknowledging that every NHS and social care organisation must take responsibility for its own cybersecurity, it advocates for more collaboration to provide a unified approach, with centralised support from national cybersecurity teams. The aim is to ensure that entities within what is largely a decentralised sector work together to share knowledge, optimise costs and achieve a minimum level of security across all systems with a ‘defend as one’ mindset.

Although the strategy was set to be published last summer, there is no sign yet of the promised implementation plan. In the meantime, the health sector is faced with the stark reality that theft of patient data is a lucrative business for criminals, intensifying the growth in cyberattacks.

Criminals have the upper hand

Health records contain valuable medical and personal information and fetch a high price on the dark web. Cybercriminals can also use their skills to exploit the critical nature of the data, holding it hostage through ransomware and extorting large sums to restore records. The potential magnitude of the financial rewards attracts criminals from across the globe looking to make easy money. Their attention is frequently drawn to the UK’s NHS as an increasingly vulnerable target. Its massive legacy infrastructure relies heavily on outdated software and protocols that lack the robust security features of modern technology. Many systems don’t benefit from regular updates or patches, leaving known vulnerabilities unaddressed and wide open to exploitation.

These inherent weaknesses have already been exposed in past cases such as Advanced, WannaCry, NotPetya and the 2021 Irish Health Service Executive. They highlight how staff and patients can fall prey to cyber attackers looking for ways into healthcare systems. These attacks are carried out through

HEALTHCARE NEEDS A HEALTHY NETWORK – AND ETHICAL HACKERS COULD HELP
