Healthcare organisations in the UK are already experiencing 785 cyberattacks a week. Following recent supply chain incident that impacted the NHS, Check Point calls for suppliers to do much better when it comes to cybersecurity
Deryck Mitchelson, Field CISO at Check Point and former NHS Scotland CISO, is warning the UK’s healthcare sector that it is facing an average of 785 weekly cyberattacks and urges for it to take a preventative approach to cybersecurity. This comes after a recent supply chain incident that impacted the NHS 111 system and its critical patient management software which is used across multiple trusts. According to Check Point’s 2022 Mid-Year Report, healthcare organisations experienced a 69% increase in cyberattacks worldwide, when compared to 2021.
Supply chain incidents are all too common in healthcare as the sector is reliant on a complex array of in-house and third-party services which only increases the attack surface. This attack surface has grown even further post-pandemic with the accelerated adoption of more IoT Devices, new service management apps and digital consultations. There are also many medical devices that run older operating systems, which can be easily compromised with ransomware.
The risk of cyberattack has been increasing for a long time, especially with the proliferation of fifth generation (Gen V) attacks which many companies, including healthcare, are not set up to deal with. Gen V attacks are characterized by the fact that they are highly sophisticated and multi-vector, enabling them to infiltrate large numbers of organisations. However, it is possible to prevent them from reaching your network.
Deryck Mitchelson, Field CISO at Check Point, and former NHS Scotland CISO, commented: “Healthcare now has such a dependency on digital technology from electronic health records, scheduling and admissions to scanners, x-rays, and laboratories, that an outage can have a direct impact on the life and death of patients. As the NHS recovers from the Covid-19 emergency footing, it is now at its most vulnerable to cyberattack.”
“Defending a broad infrastructure is not an easy job but the sector, including its suppliers, absolutely needs to be on critical alert for a major cyberattack. There are steps that can be taken now, whether that is engaging more with people on the ground or by implementing effective solutions to secure all endpoints and prevent even the most sophisticated threats.”
If healthcare organisations can adopt a prevent-first cybersecurity strategy and follow best practices, the likeliness of being hit by a severe cyberattack will be significantly reduced. Best practices include using strong passwords, multi-factor authentication, updating software regularly, network segmentation and proper offline backups of critical business information including a recovery plan in the event of a worst-case scenario.