The NHS is planning to bring ethical hackers on board to monitor the threat landscape, a move that could ultimately benefit health care generally.
In a bold move to shore up questionable cybersecurity measures, the NHS is set to inject £20 million into a central cybersecurity unit of ethical hackers.
This move appears to be rooted in principals of attack being the best form of defence, bringing skilled hackers into the ranks to actively look for threats.
NHS cybersecurity is a problem that has become critical in the past year due to the debilitating WannaCry ransomware attack, with other data breaches preceding it.
Health care nationally is planned to benefit from the initiative, NHS Digital said: “a national, near real-time monitoring and alerting service that covers the whole health and care system,” as reported by The Times.
Anthony Chadd, Head of EMEA Security Solutions, Neustar, said: “Our National Health Service staff provide a world-class service to patients across the UK each and every day. And we back such decisions to match this dedication with investments in cybersecurity – such as this new operations centre – to protect its critical systems and sensitive patient data from the threat of hackers… While the NHS wasn’t the direct target, the recent Wannacry attack showcases the devastating effect a cyberattack can have on essential healthcare services.”
The NHS was reduced to pen and paper systems in the wake of WannaCry, leading to thousands of people in need of care experiencing disruption. It could even be considered that life may have been endangered by such an attack.
Rob Bolton, Director and GM, Western Europe, at Infoblox, said: “Our recent research found that 1 in 4 UK healthcare IT professionals do not feel confident in their organisation’s ability to defend against a cyberattack after the devastation caused by WannaCry, therefore the news that NHS Digital is investing in a devoted cybersecurity unit is incredibly welcome.”
Public sector spending for digital defence has increased in light of the advanced and frequent threats the world is facing. This represents an encouraging improvement in general cybersecurity awareness, with GDPR now bearing down, less than 200 days away.
Oz Alashe MBE, CEO of cybersecurity training platform CybSafe, said: “The NHS is a potential goldmine for cyber criminals: medical histories, personal information, and address details can easily be used to commit identity fraud and other financial crime. But as WannaCry proved, it’s not only people’s privacy on the line- in some cases, it’s the institution’s very ability to function. The operative damage that an attack against the NHS can cause means that the health service isn’t simply a target for cybercrime- more worryingly, it’s also a target for cyberespionage.”