With reports of a rise in cyber attacks about English NHS hospital trusts in 2016, it’s a reminder that although hospitals need to protect their patients and staff from viruses, not all viruses are physical. Hospitals need protection from digital viruses as well.
Research by the Ponemon Institute in America discovered that 94% of medical organizations in the United States had experienced cyber attacks in 2013. Attacks in the UK are not at this level yet, but 55 NHS hospital trusts suffered from cyber attacks last year, compared to just 16 the year before.
NHS Digital supervises the organisation’s cyber security. It claimed that the figures do not necessarily represent an increase in attacks, but an increase in reporting attacks.
However, WannaCry made the public realise how vulnerable the NHS can be, and it is right to fear that unless security is strengthened, the number of attacks will continue to grow.
Many NHS administration procedures still use paper, but more procedures are set to be computerised in the future, which will increase the risks of cyber attacks.
There are several steps that hospitals can take to protect themselves.
Employing more cyber security personnel and installing security systems costs money. Oliver Farnan of the Oxford Cyber Security Centre argues that the NHS does not spend enough on cyber security. He said:
“Money is only really spent on security once everything else is up and running and in place… it always comes second.”
Not all security measures cost a lot of money. Educating the workforce in order to establish a security culture can be achieved without breaking the bank. The staff need to think about security every day, and can be trained in how vulnerabilities arise.
Many threats come from ransomware that encrypts files and demands money to unencrypt them. If files are continuously backed up, any ransomware is all but ineffective.
Cyber threats are not confined to the computer systems that hospital staff use. Increasingly, staff use mobile devices and need to be aware of privacy and security issues that affect them. In most instances, mobile devices should not be able to connect to the main hospital IT network.
Most cyber attacks are not expected. As well as backups, recovery systems need to be installed. If a cyber-attack cripples the hospital IT system, a recovery plan should get the system up and running again in a matter of minutes.
In a busy hospital, at any one time there will be hundreds of staff, patients and visitors who have access to areas where there is computer equipment. Equipment needs to be secure so that computer towers and monitors cannot simply be lifted up and taken away by unauthorised persons.
With the NHS looking to become paperless by 2020, hospital administration is becoming increasingly reliant on IT systems, and like any major organisation, cyber security personnel need to protect the IT systems from unauthorised access and cyber attacks.
You can read our own WhitePaper on the risks within the NHS “The Security Superbug – Patient data leaks on the rise” here.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?Log in
Want to have an account with us?Register
Want to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.