The Recent NHS Cyber Attack: Why Robust Cybersecurity is Vital for UK Healthcare

The recent cyber attack on Synnovis, a key NHS pathology provider, has spotlighted the dire need for stronger cybersecurity measures in the UK healthcare sector. Deemed the "most significant" cyber attack in the history of the UK National Health Service (NHS), the June 3 ransomware attack shut down seven London hospital systems, halting treatment, postponing critical operations, and threatening lives.?It underscores the urgent need for cyber preparedness in a particularly vulnerable sector.??

In this edition of 'The Sting of Security,' we break down this particular ransomware attack and provide tips on how to efficiently and effectively stem the rising tide of health sector cyber attacks in the UK and globally.

The NHS Ransomware Attack: What Happened?

The Russian ransomware gang Qilin, thought to be Kremlin-backed, infiltrated the computer systems at Synnovis, which provides blood pathology testing and diagnostics to two NHS trusts in London.

Major concerns:

• Business continuity. The attackers froze Synnovis' systems by encrypting information needed for the systems to run. As a result of the attack, which cyber experts are calling one of the most significant ever against the NHS, 4,913 acute outpatient appointments and 1,391 operations were disrupted, according to the NHS. Guy's, St Thomas', King's College and Evelina London Children's Hospitals are among those whose ability to provide services was severely impaired.?
• Protecting patient data and other sensitive information. Qilin downloaded private data for which it demanded a ￡40 million ransom. When Synnovis refused to pay, the group released on the dark web data from 300 million patient interactions with the NHS, including HIV and cancer blood test results for which the HIPAA Journal says individuals may now be subject to extortion.?The attackers also took spreadsheets containing financial arrangements between hospitals, practitioners, and Synnovis.?
• Protecting patient lives. The National Health Service in England was urging people with universal blood types to donate blood after the Synnovis attack disrupted hospitals' ability to match patients — underlining how cyber attacks can have severe and potentially life-threatening impacts.?
• Fines. Although no penalties or fines have been mentioned publicly against Synnovis or the NHS to date, providers as a whole whose cyber hygiene is found to be lacking may be vulnerable to penalties, including GDPR fines, should their systems and data suffer breach. ?

Why did it happen? Ciaran Martin, the founding chief executive of the National Cyber Security Centre, said after the attack that parts of the NHS's IT system are outdated and remain at risk of further attacks. He blamed the legacy systems, as well as a failure to identify vulnerabilities and conduct basic cybersecurity practices, as the leading reasons why the NHS cyber attack succeeded.??

Must-have cybersecurity measures in the health sector?

The health sector "lags far behind most essential infrastructure sectors … on research to understand the risks and develop specific plans to protect, respond, and recover from cyber attacks," The Lancet reports.?

It's time to catch up before cybercriminals catch you and your patients. Fortunately, protection is no mystery; security experts know what to do and how to do it effectively and efficiently. To get started, we recommend:?

Security awareness training

No specific cause for the NHS breach has yet emerged, but this much we know: human error accounts for 95% of all cybersecurity incidents, the World Economic Forum reports. ?

What to do: Hornetsecurity's next-gen Security Awareness Service trains employees using realistic spear phishing simulations and AI-powered e-training, heightening awareness of cyber security risks and threats. Employees learn effectively how to protect themselves and their company. The service is fully automated and easy to use.?

Multi-factor authentication (MFA)

Obtaining login credentials used to be an automatic in for intruders, but MFA makes it only half the battle. If the hackers don't have access to the second layer, such as the user's device or authentication app, they won't be able to get in. ?

What to do: Check and double-check all your systems and software to ensure that they're covered by MFA, preferably phishing resistant varieties, to block unauthorized entry into your systems and software.?

Robust backup and recovery systems

It's not a matter of "if" you'll be attacked, but "when," particularly in healthcare. Being able to recover swiftly—resilience—is key to minimizing costs, damage, and downtime.?

What to do: Modernize your backup system with Hornetsecurity's 365 Total Backup Solution. Among its features:?

• Automatic backup of Microsoft 365 data multiple times a day;?
• Protection from ransomware attacks and third-party disruptions via backup storage and security on Hornetsecurity infrastructure, independent of Microsoft;?
• Easy search and recovery;?
• Hassle-free, unlimited storage;?
• Centralized management; and?
• Data storage in local, secured, robust and redundant Hornetsecurity data centers, granting control over data jurisdiction.?

Data privacy and security protections

Robust security includes having safeguards in place for storing, accessing, and sharing sensitive personal health information.?

What to do: Adopt a zero-trust model with Hornetsecurity's 365 Permission Manager tool. Using it, you can:?

• Perform bulk actions to manage permissions at scale;?
• Use Quick Actions to fix permissions on multiple sites at once;?
• Assign out-of-the-box best practice policies, or create custom defined compliance policies for SharePoint sites, Teams, or OneDrive accounts;?
• Receive alerts for critical shares or policy violations; and?
• Use the Audit function to approve or reject policy violations.?

Assess your supply chains

Note that in this attack, the impacted hospitals themselves weren't breached, it was the supplier of pathology testing. No business today operates independently, and this is especially true in healthcare. Follow the steps above to ensure that "your house is in order" but also investigate your supply chains, understand their security posture, and plan for how your organization can continue operating if a critical supplier is impacted by a cyber attack.??

An ounce of prevention?

Don't wait for a crisis: get your check up and preventative care now. If you're in the healthcare sector, your organization is extremely vulnerable to breach by criminals emboldened by recent successes. Truly, it's not a matter of if your healthcare organization will be hit, but when.

Read more about the incident here.