Cyber-security: How safe is your organisation?

Cyber security was thrust into the spotlight when a ransomware attack on a major NHS IT provider threatened to disrupt digital services such as patient check-ins and NHS 111.

A ransomware attack is one in which hackers take control of IT systems to steal data and demand a payment from their victims to recover it.

The firm at the centre of the attack refused to confirm whether it had negotiated with the hackers or paid a ransom. However, it did indicate it would take up to four weeks to recover.

The incident is a clear example of the potential damage and chaos that a cyber-attack can inflict, and highlights the importance of cyber security.

THIS – at the vanguard of cyber security

The Health Informatics Service (THIS) is at the vanguard of cyber security for its host trust, the Calderdale and Huddersfield NHS Foundation Trust (CHFT) and 59 clients across the healthcare sector.

Its Cyber Security Team helps to protect approximately 15,000 devices used by 19,000 people working within CHFT and a spectrum of clients ranging from prison healthcare service providers to GPs’ surgeries.

THIS is the only NHS informatics service to hold three ISO standards relating to cyber security and data protection: ISO 27001 Information Security Management, 9001 Cyber Management and 20000-1 Information Technology Service Management. It is compliant with the NHS Digital/NHS England Data Security and Protection Toolkit (DSPT) and its cyber security training is NHS Digital/NHS England mandated.

To put its capabilities into context, in one two-month period, THIS’ host trust was the target of 46,600 phishing emails and 34,600 spam emails that resulted in 1,658 malicious websites being blocked, and the thwarting of 1,432 malware attacks.

Building up a security posture

How much protection a healthcare organisation requires depends on the amount and type of data it handles. Those dealing with patient data must be particularly well-prepared to handle a cyber-attack.

Paul Glover, of THIS’ Cyber Security Team, recommends the National Cyber Security Centre (NCSC) 10 steps to cyber security as a good starting point. It includes advice on the management of risks, assets, vulnerability, identity and systems access, training and data security.

He says: “Acquiring a good security posture doesn’t mean your organisation is completely impenetrable to a cyber-attack. It means the impact is likely to be less than if you’d done nothing.

“The other part of the equation is understanding that if, or when, you are attacked, what is your response going to be? Are you prepared to think that far ahead? What does your incident response plan look like? And what does your business continuity plan look like? How are you going to keep running your organisation while it’s suffering from a cyber-attack?”

Back-up plan and incident response

Malware is evolving constantly. Paul Glover likens it to different variants of a virus and how symptoms can change with different mutations.

He says: “What antivirus protection used to do was look at the traits of a malware attack, such as its name and location. But what the creators do now is to create it so that it changes every single time it infects a PC.

“We use next generation antivirus software that looks at the behaviours of the malware instead of looking at the signature. So, if there is strange behaviour it quarantines or isolates that device rather than focusing on the specific signatures and qualities of the malicious piece of software. Modern antivirus firewalls, intrusion prevention systems, antivirus web security and email security help us to stay ahead of the game.”
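As an added illustration of the difference Paul Glover describes (example code written for this page, not software from THIS or any vendor), the snippet below runs a hash-based signature check and a simple behaviour rule over constructed data: a payload that “mutates” on its second infection evades the signature, but the burst of file modifications it produces still trips the behaviour rule. All hashes, process names, paths and timestamps are constructed.

```python
import hashlib
from collections import defaultdict

# Constructed: a blocklist holding the hash of the first copy seen.
KNOWN_BAD_HASHES = {hashlib.sha256(b"ransom-payload-v1").hexdigest()}

# Constructed: the same payload on two PCs; the second copy has changed
# itself, so its hash no longer matches the one on the blocklist.
SAMPLES = {
    "copy_on_pc1": b"ransom-payload-v1",
    "copy_on_pc2": b"ransom-payload-v1" + b"-mutation-7f",
}

# Constructed endpoint telemetry: (seconds, process, action, path).
EVENTS = [
    (0, "word.exe", "write", "C:/Users/alice/Documents/letter.docx"),
    (1, "copy_on_pc2", "write", "C:/Users/alice/Documents/report1.docx"),
    (1, "copy_on_pc2", "write", "C:/Users/alice/Documents/report2.docx"),
    (2, "copy_on_pc2", "write", "C:/Users/alice/Documents/budget.xlsx"),
    (2, "copy_on_pc2", "write", "C:/Users/alice/Pictures/holiday.jpg"),
    (3, "copy_on_pc2", "write", "C:/Users/alice/Desktop/notes.txt"),
    (40, "word.exe", "write", "C:/Users/alice/Documents/letter.docx"),
]

def signature_match(sample: bytes) -> bool:
    """Classic signature check: exact hash lookup against the blocklist."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES

def behaviour_flags(events, min_files=5, window_s=10):
    """Behaviour check: flag any process that modifies at least `min_files`
    distinct files within `window_s` seconds, whatever its binary looks like.
    Returns the set of flagged process names."""
    by_proc = defaultdict(list)
    for t, proc, action, path in events:
        if action == "write":
            by_proc[proc].append((t, path))
    flagged = set()
    for proc, writes in by_proc.items():
        writes.sort()
        for i, (t0, _) in enumerate(writes):
            files = {p for t, p in writes[i:] if t - t0 <= window_s}
            if len(files) >= min_files:
                flagged.add(proc)
                break
    return flagged

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "signature match:", signature_match(blob))
    print("behaviour flags:", behaviour_flags(EVENTS))
```

In a real deployment the behaviour rule would feed an isolate-or-quarantine action on the device, which is the response the quote describes.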

Backing up data is an important step to keep it safe, as is having an incident response strategy to be as well prepared as possible.

Recognising the threat and where it comes from…

A common perception of a cyber security attack is one of hackers breaking through firewalls to wreak havoc. But sometimes the threat can come from closer to home.

Paul Glover: “There is a threat that comes from inside an organisation. NHS staff have access to some critical information. Someone could sell data or leak it to the internet.

“But it could happen unwittingly. Social engineering (the term used for a broad range of malicious activities accomplished through human interactions to trick users into making security mistakes or giving away sensitive information) is another big risk.”

Providing protection against cyber sabotage

The Cyber Security Team is part of THIS’ professional services division, which provides consultancy, training and learning products for the whole of the Information Governance arena.

In addition to its core services, THIS offers bespoke solutions tailored to the needs of each customer. It can combine a number of services into a package and discuss other service solutions that your organisation may benefit from.

You can read our in-depth Cyber-security: How safe is your organisation white paper here and if you’d like to discuss a new or impending project, contact us here.
