Healthcare sector remains top target for cybercrime, as NCSC defends the UK health industry from over 700 cyber-attacks during pandemic

Cyber-security experts at Infuse Technology, an IT Managed Service Provider, have warned of the dangers of poor cyber-security hygiene within the healthcare sector, suggesting that failure to implement and maintain cyber-security measures might lead to “irreversible damage” as online pandemic predators continue to target the healthcare industry.

Following the WannaCry ransomware attack which brought the NHS to a standstill back in 2017, cyber-crime in the healthcare sector has continued to surge - with ransomware and phishing being the most prevalent vectors of cyber-attack.

The pandemic saw cyber-criminals up the ante in their targeting of the sector, with the National Cyber Security Centre (NCSC) defending the UK health sector from 60 attacks per month, totalling 723 incidents between September 2019 and August 2020 – up 10% from the year prior.

And cyber-criminals show no sign of slowing down their aggressive targeting of the healthcare sector, with Ireland's Department of Health and the Health Service Executive both being targeted by hackers in recent weeks. The “callous act” has seen substantial cancellations to outpatient appointments and caused major disruption to IT systems, affecting every aspect of patient care. The hackers reportedly demanded €20m (£14m) to restore services after the "catastrophic hack".

Healthcare providers worldwide hold a wealth of sensitive data – a highly valuable commodity and therefore an easy target for habitual cyber-criminal’s intent on exploiting the sector, often for monetary gain in the form of ransom payments or fraud. The much wider picture, of course, is the adverse impact this then has on patient care outcomes and long-term damage to the healthcare industry, including the financial impact of recovering from cyber-attacks and a decline in patient trust and safety, which in turn negatively impacts an organisation’s reputation and public perception.

Paul Howard, Managing Director at Infuse advises “The recent attack on the Republic of Ireland’s health service serves as a stark reminder to all organisations within the sector of the importance of implementing cyber-secure practices as a priority. The consequences can be devastating, and now more than ever cyber-security needs to be at the top of the agenda in order to build resilient organisations that safeguard patients.

Paul continues, “It’s crucial that healthcare organisations maintain and regularly update their cyber-security response as threats continue to evolve. By correctly training staff and taking collective measures to implement preventative measures such as regular auditing of cyber-security policies and protocols, healthcare providers can take the necessary steps to protect themselves from digital security threats, and thwart the attempts of exploitative cyber-criminals.”