Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Healthcare

With the rapid technological advancements and security incidents such as WannaCry, cyber security is one of the most talked-about topics in the NHS and other healthcare organisations

Read more
Complete this form to get in touch

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

From medical institutes, hospital trusts to research labs, new technology is evident to push better workflows. More systems are now interconnected, more devices are being used to offer better healthcare. This is also giving rise to the number of security concerns where either manufacturer, system integrators and/or the end clients are failing to perform security validation.

Digital health and care organisations must be prepared at all times given the frequency and constantly evolving nature of cyberattacks.

As per House of Commons review after WannaCry incident, widespread disruption to health services affected more than 1/3 of all NHS trusts. This includes cancellation of 20,000 appointments and operations. Globally, this incident affected 200,000 computers in at least 100 countries. 

Challenges

Healthcare industry is one of the biggest targets for cybercriminals. It's not entirely healthcare organisation's fault, partly due to the volume of attacks targeting this industry. It's lucrative to cybercriminals due to the large amount of sensitive information held by the NHS trusts, private healthcare, and other organisations in this sector.

Although some organisations are committed to patient privacy no matter what it takes, most healthcare organisations are behind in terms of a proactive approach to cyber security advancements. We have found that the most common challenges across the healthcare sector include:

  • NHS Trusts lacking proactive approach towards cyber security
  • Constant keeping up with new changes to infrastructure refresh, transformation and migration projects
  • Staff security awareness about cyber risks
  • Lack of segregation between environments is one of the easy invites for criminals. Due to the number of devices in a shared network, it takes only one vulnerability that when exploited paves way to a large number of systems or entire estate. 
  • Lack of strict processes designed to identify vulnerability, uncover suspicious behaviour and respond to malicious activities.
Does your organisation require Cyber Immunity?
Call Us Now

Are you prepared ?

What systems and controls are in place to decrease insider threats?

Insider threats are counted amongst the most significant cyber-risks in the financial services sector. Businesses tackling this issue regularly validate their controls around logical access controls, spear-phishing, threat intelligence and regular penetration testing. In addition to technical controls, staff awareness and understanding through training helps build security-conscious culture.

Is your business resilient to ransomware attacks?

Ransomware has quickly become one of the most dangerous cybercrime threats organisations are facing . Over the past two years, the number of organizations being hit with targeted ransomware attacks has multiplied as the number of gangs carrying out these attacks has proliferated. Paying the ransom does not guarantee that you will get access to your data and threat actors may assume that you would be open to paying ransoms in the future

How are you managing the risk of unsupported systems?

It's understandable that due to processes and procedures, and sometimes procurement challenges could delay the anticipated timelines for upgrades. In this scenario, is your organisation doing enough to make the target visibility smaller, restricting access to target on need only basis therefore, decreasing the attack surface?

It's more important to test these plans to ensure they are effectively shielding your unsupported systems from cyber attacks.

How do you process and store personal data of your clients?

The loss of client information can have a devastating impact on a sector that has confidentiality at the heart of its business. Firms storing sensitive information, third party data, transactional records are likely to be at a higher risk of data breach than a local high street firm. Therefore, it goes without doubt that secure information storage and processing practices would help minimise the attack surface.

Are there sufficient controls segregating medical devices, corporate and other environments?

Environment segregation based on defense in-depth principle is one of the most common weaknesses found during NHS trust reviews. It is important to provide need-only permissions; however it's equally important to segregate environments based on functional requirements. For instance, wireless networks and/or wired network segments used by medical devices may not be requiring access from corporate users. This must be validated and assessed by an independent third party consultancy.

Sector Experience

This section refers to specific projects' based experience in this sector. This includes assessments performed at NHS trusts, healthcare providers including pharmaceutical industry vendors.

Key benefits

✔ Internal Infrastructure involving password reviews, patching, and active directory security policy reviews

✔ Both Internet and Intranet Web Applications – Hospital Staff portals, Admin Portals, Patient information portals

✔ Wireless Security Assessments

✔ Corporate and Hospital Network Access Control Reviews

✔ Password cracking & analysis

Lets discuss your primary security concerns.
Call Us Now

Resources

NHS trusts spent an extra £152m on IT after WannaCry attacks

13/08/2019

Information obtained via a Freedom of Information request has revealed that NHS trusts spent an additional £151,940,223 on IT security in the aftermath of the WannaCry ransomware attack that brutally exposed the vulnerability of the UK's healthcare system to cyber attacks

UK Boosts Funding For Healthcare AI As Experts Warn Over Data Security

05/09/2019

The government has announced plans to set up a national artificial intelligence lab that, says health secretary Matt Hancock, will 'ensure that our NHS harnesses AI to develop cutting edge treatments, reduce pressure on staff working lives and ultimately save lives'.