NHS trusts need to rethink their cyber security measures in light of the continuing attacks on the Ukraine by Russian soldiers, experts have warned.
Concerns were voiced by industry leaders after it was revealed by the Health Service Journal (HSJ) had seen a leaked email sent to NHS trusts by NHS England chief operating officer, Sir David Sloman, advising them to ensure their IT systems were ‘patched and protected’ and that ‘immutable back-ups are in place’.
To spot vulnerabilities, cyber security that leaves no blind spots will be critical
Despite no specific threats to the UK from Russia, the National Cyber Security Centre has noted a ‘historic pattern of cyber attacks on the Ukraine with international consequences’.
And further guidance is expected to be released this week to ensure the NHS does not fall victim to cyber criminals.
Last week Health Secretary, Sajid Javid, said the UK was enhancing cyber resilience in health and care, backed by more than £300m of investment since 2017.
But the health service still remains an attractive victim for hackers, due to the high-risk, high-value nature of the data it holds.
Speaking to BBH this week, Keiron Holyome, vice president of the UK, Ireland, and the Middle East at BlackBerry, said NHS trusts and suppliers would need to play a part in ensuring end-to-end security.
He added: “As the NHS urges hospitals to reinforce cyber security amid the current international conflict, many in healthcare will remember the devastating effects of the WannaCry ransomware attacks.
“Ransomware can use any poorly-protected endpoint to enter and cripple a system, holding sensitive NHS data to ransom with the risk of its release to the dark web or beyond.
“To prevent attacks, healthcare organisations must ensure that every device is safe, reliable, secure, and safety certifiable.
“Everything from staff computers to IoT-connected medical devices such as ventilators or robotic surgery arms.
To ensure new devices don’t become an entry point for attackers, it’s important that security is built into products in the supply chain
“To spot vulnerabilities, cyber security that leaves no blind spots will be critical.
“AI-based threat prevention and the enabling of a zero-trust security environment which continuously validates that trust at every event to authenticate users is vital.
“And, to ensure new devices don’t become an entry point for attackers, it’s important that security is built into products in the supply chain.
“Manufacturers who create medical devices need to use a software foundation specifically designed for secure connectivity.
“Embedded software solutions help medical device manufacturers achieve this innovation. They also need to be able to rely on training, back-up, and managed services to connect with security professionals at every turn.”