Tackling cybersecurity issues in healthcare
Open Access Government
Data held within the healthcare sector is particularly sensitive. Cybercriminals looking to capitalise on a compelling mix of valuable data and vulnerable security systems may find prime targets among healthcare organisations. To mitigate the risk, security measures must include strong authentication methods, employee training and communication, and an extension of cybersecurity measures to the organisation’s supply chain.
In healthcare, computer systems hold sensitive data, while also supporting the organisation in providing a standard level of care to patients – making the sector a prime target for extortion attempts. In 2017, the WannaCry cyberattack affected thousands of computers around the world, including those used within the NHS. Some computer systems were paralysed as hackers demanded ransom payments to release encrypted data.
The impact of this attack was substantial. In October 2018, the Department of Health & Social Care released an update, which reported that the cyber incident disrupted services across a third of hospital trusts and around 8% of GP practices. The cost, while difficult to calculate comprehensively, was estimated at approximately £19 million of lost output. The estimated total financial impact reached £92 million, which included IT costs both during and after the attack.
Emails provide an entry point for hackers
Phishing, whereby a cybercriminal presents themselves as a legitimate organisation or individual in order to trick a target into action, is a common form of attack on organisations across all sectors. Emails are often used as...