Check Point Software Technologies, a leading AI-powered, cloud-delivered cybersecurity platform provider, has issued a renewed warning to the UK healthcare sector that cybersecurity must be at the top of the list of priorities. This comes in the wake of a ransomware that affected over a hundred Romanian hospitals, with cybercriminals demanding substantial payments to restore the medical system. This incident is reminiscent of a similar attack against the NHS 111 service in 2022, which saw the free health assessment service go offline for several weeks.
The NHS is in a difficult situation in the face of prolific threats, exacerbated by recent IT budget cuts and inadequacies in the service’s cybersecurity landscape. The combination of old and new technologies has resulted in disparities in cyber-resilience across its infrastructure, and insufficient employee training and investment in cybersecurity technologies has left it exposed. Added to this is the rush of phishing campaigns that are happening every day, and with 90% of attacks originating from emails, it needs to be front of mind.
The latest Top Malware report from Check Point shows that healthcare is the third most targeted industry in the UK. Considering how disruptive a cyberattack can be on critical care services, the impact of a successful breach is arguably more impactful compared to other industries. That is why the sector needs to incorporate robust cybersecurity measures.
To address these issues, experts at Check Point have suggested healthcare providers incorporate the following four strategies to stave off the unrelenting cyber threat.
1. Invest in advanced cybersecurity solutions: The NHS must allocate resources for state-of-the-art cybersecurity technologies, including intrusion detection systems, advanced threat analytics and robust encryption protocols.
2. Don’t forget the basics of email security: While it is important to be aware of new sophisticated threats, we cannot ignore the familiar routes for entry. Email remains the most exploited attack vector, so it is important to have robust security systems in place that identify and remove malicious emails and links.
3. Regular cybersecurity training for staff: Given that human error is a common entry point for cyberattacks, continuous training programs for healthcare staff on recognising and mitigating potential threats are imperative.
4. Frequent security audits and updates: Regular assessments of the NHS’s digital infrastructure, along with prompt implementation of security patches and updates, are essential to mitigate vulnerabilities.
5. Collaboration and information sharing: Establishing partnerships with cybersecurity agencies, sharing threat intelligence and participating in collaborative efforts within the healthcare industry can enhance the NHS’s ability to pre-emptively identify and neutralise potential threats.
“The NHS stores the most sensitive data on millions of patients; information that fetches a huge price on the dark web. Added to the fact that disruptions to services puts people at risk, cybersecurity needs to be considered a number one priority for domestic healthcare, and not just identified as a major risk” said Deryck Mitchelson, Global CISO at Check Point. “There are significant gaps across a hospital’s security infrastructure, which includes some equipment running on obsolete operating systems that are vulnerable to hackers. The introduction of IoT medical devices has added a new dimension to the issue as internet connected devices create new vectors for cybercriminals to exploit, potentially putting patients in imminent danger.
“Only through continuous staff training, regular security audits and the implementation of advanced cybersecurity solutions can we ensure a secure future for the NHS and the wider healthcare ecosystem.”
Click below to share this article