Oliver Norman, Regional Vice President for UK & Ireland at Veritas Technologies, looks at why data protection should be a priority for the modern healthcare organisation.
With the new Labour government promising to build an NHS ‘fit for the future’, healthcare is set to feature heavily on the political agenda in the coming months. Budget concerns and the ever-increasing skills gap will no doubt take centre stage. However, whilst these topics are pressing and need to be addressed, so too does the issue of cybersecurity.
In the modern digital era, cybercriminals pose a threat to all industries. However, the healthcare sector is particularly at risk. This is unsurprising, given that many of the organisations that operate within this space handle vast amounts of sensitive patient data – including personal and medical records – day-in, day-out. If these records are stolen or tampered with, there could be serious, even life-threatening, consequences.
Just last month, over 1,000 planned operations and 3,000 outpatient appointments were postponed, thanks to the Synnovis cyberattack which impacted several London hospitals. According to the founder of the UK’s National Cyber Security Centre (NCSC), events such as this might become more frequent, given the NHS’s outdated infrastructure and security measures.
The impact of a cyberattack
According to research released last year, three in four (76%) healthcare organisations around the world have experienced a successful ransomware attack and two thirds (65%) have experienced data loss from other types of attack. Almost half (43%) of those organisations consider data security their primary risk. This comes ahead of economic uncertainty (39%) and the adoption of emerging technologies like AI (32%).
When it comes to the NHS, which services the majority of the UK’s population, an attack feels personal. Its impact is not only widespread but potentially devastating. At a base level, cyberattacks can disrupt medical services and cripple hospital operations. This is because, when systems are down, essential patient information is inaccessible. This can delay medical procedures and compromise patient care. It can also increase the risk of medical errors and negatively impact treatment outcomes.
However, that’s not all. Cyberattacks also frequently result in hefty financial costs which the already budget-strapped NHS can ill afford. Sometimes this is in the form of immediate ransomware payments; however, any prolonged downtime and recovery following an attack could also have an impact. Given that the data hackers usually target is the key to providing sometimes lifesaving treatment, it can be even more tempting to just pay the ransom. However, paying doesn’t always guarantee that you will get your data back.
Another implication which isn’t always considered is the impact a cyberattack will have in terms of patient trust. A cyberattack in which malicious actors manage to access sensitive data can lead to a loss of confidence in an organisation’s ability to safeguard data and can seriously damage its long-term reputation. Take the 2017 WannaCry attack as an example. The attack disrupted services across numerous NHS hospitals and clinics, causing widespread cancellations of appointments and surgeries. The aftermath saw a decline in public confidence in the NHS’s ability to protect sensitive patient data. It is still often cited as one of the most infamous cyberattacks today.
Safeguarding patient data
In today's digital age, the question is not if a healthcare organisation will face a cyberattack, but when. With that in mind, those in the sector must be ready to mitigate the effects and recover quickly. Here are some ways in which healthcare organisations can protect their data from attackers:
- Implement a data backup and recovery plan to safeguard essential data and ensure business continuity. Backup processes should capture all critical data and be executed at regular intervals. Coupled with a swift recovery process, data backup and recovery help minimise downtime and ensure business continuity when data is lost due to malicious activities.
- Invest in cyber awareness training. Develop and implement an ongoing cyber awareness programme to educate the entire organisation on the latest cyber threats and the policies to avoid them. The programme should be continually updated to reflect emerging threats and remain a critical line of defence in identifying and thwarting potential cybercrimes.
- Deploy advanced security technologies like firewalls, anti-malware tools, and intrusion detection systems that use AI and machine learning for predictive threat analysis and response.
- Regularly stress test and break systems to identify where the weak points are. Often organisations – especially within the public sector – implement security strategies and then wait until an incident occurs to see whether their framework is effective. With the regularity of attacks in the current landscape, this approach cannot adequately anticipate the scale at which breaches are attempted.
Effective healthcare delivery depends on data. Without it, nurses and doctors wouldn’t be able to diagnose their patients properly, there would be no personalised treatment plans and we, as a society, would not be able to continue to innovate and develop the life-saving medicines of tomorrow.
Unfortunately, today’s attackers know this, and they are not afraid to exploit it. Whilst facing cyberattacks is inevitable for healthcare organisations, losing access to valuable patient data doesn’t have to be. Implementing robust data protection strategies and cybersecurity tools can significantly strengthen defence mechanisms, enhancing the healthcare sector’s ability to respond swiftly to emerging threats.
This article is sponsored by Veritas Technologies.