Helping the health and social care sector avoid cybercrime headaches

Over the next few months, the SWCRC will be turning its attention to supporting those in the health and social care sector. Why? Healthcare has been increasingly attacked, with the Verizon DBIR (Data Breach Investigations Report) highlighting that the industry experienced a 71% increase in breaches or incidents in 2020.


Last year, the NCSC put out a specific alert warning the sector to be on its guard and its CEO Lindy Cameron recently reiterated the seriousness of the threat by saying, "ransomware almost certainly continues to represent the most likely disruptive threat to the health sector worldwide."


While the likes of primary care trusts tend to have good levels of protection, many of the smaller organisations such as dentists, opticians and independent care homes don’t have the same support as their counterparts, yet they carry the same type of highly sensitive data, so it’s easy to see how this plays into the hands of online attackers.


The healthcare sector encounters the same cyber security challenges other businesses must navigate; plus, other pressures unique to the industry. They have networks, databases and devices that connect to servers to protect, as well as having the responsibility of safeguarding private medical and financial details about patients and employees. They often also protect valuable intellectual property.


There are other hurdles that few other businesses have to deal with, notably the significant growth of the Internet of Things (IoT) in the last decade which has resulted in a huge proportion of medical equipment and applications now being web-enabled or connected to the organisation’s operationl network.



Ransomware’s frightening ability to cease patient care and operational systems means ransom payment demands are likely to be met. In May this year, the Health Service Executive (HSE) – the Irish health service - was attacked and had to cancel up to 80% of appointments in the days following. This month, the BBC was reporting that not all systems were not yet back online. The article paints a harrowing picture of how this impacted patients, with one having their radiation treatment postponed due to staff not being able to access data required to use the machine for it.


The sector is vulnerable, lucrative, and increasingly targeted. Yet there’s limited support for those whose participation is at the end of the chain – the independent businesses which take referrals, hold patient data, or operate as small businesses. And we know that much of the vulnerability to cybercrime comes from a lack of awareness and we’d really like to help with that, with free training, sound basic guidance, and regular updates on what to look out for.


Practitioners in the sector often have scarce resources, and naturally prioritise healthcare over cyber security. They don’t have time to research or find solutions for themselves, and this is where we can help.


The SWCRC is a police-led, not-for-profit organisation which helps small and medium-sized businesses in Cornwall, Devon, Dorset, Somerset, Wiltshire, Gloucestershire and Bristol build and improve their cyber resilience, with accessible support and guidance available through free core membership.


Think of us of as the nerve centre that steers business owners and decision makers in the right direction with simple and practical resources, toolkits and regular cyber updates, with the option of affordable services for more technical security investigations.


If you’d like to book an appointment to chat with us about your cyber security requirements, please don’t hesitate to get in touch.



The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South West is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others.  Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South West provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

 

The Cyber Resilience Centre for the South West does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South West is not responsible for the content of external internet sites that link to this site or which are linked from it.