14th October 2020
We have seen a huge increase in the number of cyber-attacks on healthcare organisations over the course of the last few months. This is very obviously linked to the pandemic with criminals targeting sectors that are vulnerable during such a period.
Earlier this year the UK’ National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Agency (CISA) issued a warning to all healthcare and medical research organisations about a large-scale ‘password-spraying’ campaign. Password spraying refers to an attempt to access large numbers of accounts using commonly known passwords. The advice given by the organisations was for staff to change any passwords that could be reasonably guessed.
In September there were unconfirmed reports that private healthcare organisation Universal Healthcare Services had its IT systems knocked offline in a suspected cyber-attack.
With such an increase in the amount and level of sophistication of cyber-attacks, targeting healthcare organisations, it is crucial that all in the sector focus on protecting themselves. Remaining proactive and ensuring that vulnerabilities have been patched is crucial. This can sometimes seem a daunting task, particularly during this pandemic, where rightly, all resources have been focused on giving the best possible service.
A recent Government announcement has maybe helped take some of the pressure off healthcare companies, certainly in terms of the cost of becoming more secure, with a £500,000 pot to help with the financial pressure.
Digital Infrastructure Minister, Matt Warman said: “We know there is a heightened cyber threat for healthcare businesses at the moment, so we are releasing new funding to help those playing a vital role in the pandemic response to remain resilient.”
The minister also encouraged firms to sign up to the Government’s Cyber Essentials Scheme which helps companies to ensure that the fundamentals of good cyber security practices are in place. The Cyber Essentials Scheme provides guidance on a number of areas including secure configuration, access control, malware protection, patch management, firewalls and internet gateways and more and can provide a really valuable tool for healthcare organisations.
“Healthcare organisations are under real pressure and are understandably fully focused on providing the best possible levels of care and front-line services,” said AJ Thompson, CCO at Northdoor.
“However, criminals are taking advantage of the pandemic and targeting companies that are likely to be vulnerable at this time – therefore healthcare organisations are fully in their sights. Therefore, the need to push cyber defences further up the priority list is crucial.
“We have seen healthcare organisations shut down as a result of cyber-attacks, with authorities in Germany saying that such a cyber-attack was responsible for the death of a patient forced to travel miles to another hospital after the nearest was unable to take them due to an attack.
“It is clear then that this is now more than a mere inconvenience but a matter of life and death. The more healthcare organisations can do to remain proactive in their defence the better. We would certainly encourage SME healthcare companies to look at the £500,000 pot and the Cyber Essentials Scheme to ensure that vulnerabilities are patched so they can continue to roll out the very best front-line services,” Thompson concluded.