View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Comment
August 15, 2022

Data security is the best way to safeguard sensitive NHS services from cyberattacks

The UK National Health Service (NHS) and its data processors must implement better data security measures to protect patient data.

By GlobalData Thematic Research

Last week, UK National Health Service (NHS) service provider Advanced experienced a ransomware attack. The attack affected the NHS’ 111 service and the Caresys and Carenotes software used for patient notes and visitor booking.

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

The National Cyber Security Centre (NCSC) and the Information Commissioner’s Office (ICO) are working with Advanced to understand the impact of the attack. Advanced refused to comment on whether patient data had been stolen, but ICO involvement suggests that there is a significant risk to personal data.

In 2022, ransomware attacks on large organisations with distributed operations are almost inevitable. The NHS and their data processors must implement better data security measures to protect their most sensitive asset—patient data. This means that if attacks occur, data is protected, the rewards for malicious actors are limited, and operations are less disrupted.

Patient data theft is a possibility

Following the recent attack on Advanced, patient data loss has not been ruled out. Ransomware attacks work by infiltrating computer servers using malicious software and encrypting data. The malicious actors will demand a ransom fee to decrypt the data, but there is no guarantee that this will be done once the ransom is received.

The ransomware attack on Advanced affected the Carenotes electronic patient records, causing a ‘system outage’ that could last up to three weeks, leaving nine mental health trusts without access to patient data. Similarly, the attack hit the Advanced Adastra system that is used by 111 employees to dispatch ambulances, which could cause potentially dangerous delays.

There is a risk that if the ransom is not paid, the malicious actors behind the attack could release confidential patient data on public forums in exchange for money.

Cyberattacks are devastating for public services

The NHS is no stranger to ransomware cyberattacks, having suffered a widescale attack in 2017 called ‘WannaCry’. The attack had a detrimental effect on the NHS, affecting hospitals and GP services across the UK. It was estimated that 80 trusts, 603 primary care departments and almost 600 GP practices were affected.

Appointments and operations were cancelled as staff were unable to access patients’ historical medical records. Staff resorted to using paper and pens and personal mobile phones to record patient details.

Data security services are the solution

Between 2020 and 2025, GlobalData forecasts that cybersecurity spending by healthcare providers and payors will grow at a compound annual growth rate (CAGR) of 8.1% from $4.59bn to $6.77bn. Given its history, the NHS needs to make strong data security a strategic priority. This preventative cybersecurity measure protects data at rest and in transit, even if a bad actor does infiltrate the system.

This week, data security and data loss prevention start-up Nightfall AI raised $40m in series B financing. The company monitors data flows in and out of applications, using machine learning algorithms to classify whether data is sensitive or personally identifiable information (PII). The dashboard supports automated workflows and automatic responses to potential breaches. This service is essential, as cyberattacks increase in their scale and ferocity.

While cyberattack attempts are somewhat inevitable, full-scale disruption, infiltration, data loss and service loss are not. The NHS and other public services should have a full-stack cybersecurity strategy with both reactive and preventative measures, and should deploy data security measures as an absolute priority to protect the swathes of PII and sensitive health information that they process.

Related Companies

Free Whitepaper
img

Never Trust, Always Verify: Is Zero Trust the Next Big Thing in Cybersecurity?

Cyberattacks continue to rise every year and no sector seems to be immune. Hackers target sensitive information such as organizational, client, and financial data, as well as intellectual property (IP) and proprietary functions. As digital transformation becomes a top priority for many organizations, traditional perimeter-based security models are no longer sufficient to address the growing cybersecurity concerns. Against the backdrop, enterprises explore zero trust as it takes a micro-level approach to authenticate and approve access at every point within a network. Reasons to read: The cybersecurity landscape is swiftly changing, and businesses need more awareness to meet the evolving change. The report highlights the current state of play and the future potential of the zero trust approach in cybersecurity to protect critical digital infrastructure of enterprises across sectors such as financial services, healthcare, telecom, and transportation, among others. Read our report and gather insights on the following topics:
  • Traditional vs zero trust protection
  • Key advantages and solution providers
  • Major industries and key players
  • Drivers and challenges
  • Top funded startups and Mergers & Acquisitions
  • Implementation challenges
by GlobalData
Enter your details here to receive your free Whitepaper.

NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Get important industry news and analysis sent to your inbox
I consent to GlobalData UK Limited collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU

Thank you for subscribing to Hospital Management