Further investment needed to defend NHS against growing cyber threats, researchers warn

By | July 5, 2019

With facilities around the world turning to technology in the hope of easing increasing pressures, healthcare is becoming a prime target for hackers.

Only last month, four hospitals in Romania were hit by cyberattacks, with the ransomware believed by experts to have spread through emails with infected attachments disguised as invoices and plane tickets, creating disruption and slowing down admissions and discharges.

Unless measures to strengthen cyber resilience are taken, this risk will only continue to grow, researchers from Imperial College London caution in a new paper that looked at the NHS in the UK, published this week.

WHY IT MATTERS

“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber-attacks,” said former health minister Lord Ara Darzi, who led the team of researchers from the Institute of Global Health Innovation.

Prioritising investment in cybersecurity is needed to ensure the NHS does not remain a “vulnerable target” for hackers, they add, given the “highly heterogeneous and inconsistent” IT ecosystem.

Furthermore, even after the WannaCry attack, estimated by the Department of Health and Social Care to have cost the NHS £92m, there is no complete list outlining all hardware and software used across the NHS. 

Meanwhile, the use of outdated systems and the lack of skills, with difficulties in recruiting highly-trained cybersecurity specialists, pose additional challenges. 

“Since the WannaCry attack in 2017, awareness of cyber-attack risk has significantly increased,” said Dr Saira Ghafur, lead author of the report. “However we still need further initiatives and awareness, and improved cyber security ‘hygiene’ to counteract the clear and present danger these incidents represent.

“The effects of these attacks can be far-reaching – from doctors being unable to access patients test results or scans, as we saw in WannaCry, to hackers gaining access to personal information, or even tampering with a person’s medical record,” Dr Ghafur added.

The researchers also warn that security needs to be built “into the design” of emerging technologies now starting to be used in healthcare, including AI, robotics and implantable medical devices. In the US, the Food and Drug Administration issued an alert last week warning that hackers could remotely access and control some insulin pumps – which have been recalled – from Medtronic.

ON THE RECORD

The beginning of July saw the NHSX unit be officially launched, and researchers from Imperial hope this will “help streamline cybersecurity accountabilities” for the health service. 

In a statement, an NHSX spokesperson told Healthcare IT News:

“The NHS is determined to keep its systems safe from cyber attack [sic] and every part of the NHS is given clear direction to protect their own systems and the information they hold whilst nationally cyber defences are in place, led by NHS Digital working closely with the National Cyber Security Centre.

“There is still much to do, which is why an extra £150m is boosting hospital defences alongside a national deal on Microsoft licences and NHSX will be setting national strategy and mandating cyber security standards so that local NHS and social care systems have security designed in from the start.”

News from healthcareitnews.com