On Thursday 11th August, it was revealed that the NHS had been targeted by a large-scale ransomware attack, with suspicions that attackers were aiming to obtain patient data. The cyberattack subsequently impacted numerous critical healthcare services including ambulance dispatch, out-of-hours appointment bookings, NHS 111 operators, multiple mental health providers, and patient medical referrals.
This event is just one example of a wider problem: ransomware and cybercriminal groups are heavily targeting the healthcare sector on a global scale. According to reports, cyberattacks on global healthcare institutions increased by 90 per cent from April to June of this year when compared to the first three months of 2022.
Nic Sarginson, Principal Solutions Engineer at Yubico, comments on how the UK healthcare sector can effectively mitigate the risks brought on by emerging ransomware attacks and the general cyberthreat landscape:
“The healthcare sector is one of the most heavily targeted industries by cybercriminals. Since the start of the Covid-19 pandemic, UK healthcare providers have implemented the use of remote and virtual services to support increased access and wider exchanges of electronic medical data. However, this has led to widening security gaps within their digital infrastructures, making medical providers susceptible to potential cyberattacks.
“Medical services and healthcare providers also have unique challenges when it comes to reinforcing the protections of their digital infrastructures and online networks. With the safety of patient data and potential lives at risk, the sector is in serious need of new government regulations to improve industrywide standards and drastically enhance current cybersecurity practices.
“Traditional usernames and passwords have proven to serve little protection against common credential-stealing tactics seen today, including phishing, SIM swapping, man-in-the-middle (MitM) attacks, and account takeovers. Healthcare facilities should consider alternative user authentication measures like passwordless, strong two-factor authentication (2FA), and multi-factor authentication (MFA) solutions, which have proven to be the most effective options for business-wide cybersecurity. These solutions are user-friendly and bridge the gap between internal and external user authentication. In fact, FIDO2 Security Keys are now viewed as the gold standard when it comes to phishing-resistant authentication, mandated by standards bodies and even governments.
“Cybersecurity is more important than ever as major cyberattacks on UK healthcare systems continue to reach new records each year. It is imperative that key stakeholders and government regulators do more to protect patients and their medical data throughout the UK by reinforcing cybersecurity strategies. Only with thorough planning and implementing effective cybersecurity and modern authentication solutions will the UK’s healthcare sector have a better chance of protecting itself from powerful and emerging cyberthreats.”