We’ve mentioned MANY times that in the broad topic of Cyber Security, Cyber attacks are indiscriminate. No matter how small or large the target, you are still at risk of one.
However, when attacks are starting to occur repeatedly on a specific business or organisation, there can be lessons learnt in why it happens and how to avoid it.
In this blog, we’ll discuss a trend in cyber attacks on the NHS that has lasted for years.
NHS Cyber attacks trend
For decades, the UK’s NHS has been a template for how to do socialised healthcare right. It has provided Government-funded, taxpayer-backed healthcare to billions of citizens and helped to show the world how healthcare can be made accessible to everyone, regardless of wealth.
However, over recent years, the NHS has faced many challenges. As the service grew and became the backbone of the UK’s healthcare market, it has had to contend with the problems that arise from being relied upon by so many people. From vast backlogs of patients waiting for treatment to staff shortages, the organisation now has many obstacles to overcome.
This was certainly not helped by the Covid-19 pandemic back in 2020. To further support my point, this is when we saw a large increase in the number of cyber attacks in general, due to more people working from home remotely at the time.
One of the issues that has arisen more recently is the NHS’s cyber security issues. Over recent years, the NHS has suffered a series of cyber attacks, including one on a key supplier that caused widespread outages across the organisation.
But why is the NHS suffering from these Cyber attacks in the first place?
Yes, it’s true, the NHS is a massive governmental organisation, therefore, you wouldn’t expect it to be vulnerable to cyber attacks right?
While the NHS is still taking proactive measures to better its Cyber security, the unfortunate truth is that there are several reasons that explain the organisation’s vulnerability.
Let’s take a look at a few of these reasons below.
The High Value Of The NHS’s Data
As an organisation that provides life-saving healthcare services and is becoming increasingly digitalised, the NHS has a lot of highly sensitive information on its patients. This includes healthcare records, contact details and financial data for patients who have to cover private costs, such as prescription fees.
With so much high-value data to protect, the NHS is a potentially lucrative target for Cyber criminals. This is why so many have attacked the organisation and its suppliers over the past few years.
A Lack Of Internal Cyber Security Expertise
While the NHS has many skilled healthcare professionals, it’s struggled to attract high-value cyber security experts away from the lucrative private sector. There’s already a skills shortage within the IT landscape, and so the NHS has faced many challenges when trying to hire the experts needed to shore up its cyber security procedures and extensive IT infrastructure.
As a result, we strongly encourage that employees in ALL businesses are trained in Cyber Security practices.
Additionally, governmentally backed schemes such as Cyber Essentials can help a business gain recognition with customers as it shows you take cybersecurity seriously.
Limited Resources
Whatever you think of the NHS, you’ve got to admit that the organisation has always been adept at doing a lot of vital work with limited resources. As a government-funded organisation, it has to cope with constantly stretched budgets and a regular influx of new patients.
Healthcare is a crucial industry, so it’s impossible for the NHS to turn away anyone who needs support, but providing them with the care they need can be challenging with limited resources.
With budgets stretched across the NHS, it’s understandable that Cyber security perhaps might not be a major focus. In 2018, it was revealed that some NHS trusts spend as little as £250 per year on Cyber security, showing the lack of resources devoted to this particularly important sector.
Over recent years, as the NHS has become more digitalised and connected, cyber security is in even higher demand across the service, but budgets remain tight as some trusts battle to pay for everything they need to provide the life-saving care their patients require.
Slow Take-Up By The Organisation And Government
Cyber security is a key part of any organisation, but the UK government and the NHS’s leadership have been slow to realise how crucial it is to the healthcare service. With the push to digitalise records and introduce new technologies to help relieve the massive backlogs the system faces, the NHS has failed to implement robust cyber security measures that will keep the organisation’s data and IT infrastructure safe.
Recently, the UK government announced that it would be devising a new cyber security strategy for the NHS, which would be released shortly and would be implemented over the coming years.
While this could be a great success, it does highlight how slow the government has been in realising the importance of a cutting-edge cyber security plan for the NHS, despite its increasing focus on technology in the organisation.
Constant Cyber Security Developments
Keeping up with the latest developments in the Cyber security landscape is hard work for even the most well-funded major corporations. As such, it’s understandable that the NHS, which is chronically underfunded and has extensive delivery targets to meet, would struggle to keep up and deal with new issues.
As AI tools make it easier for scammers to develop malicious code and potentially penetrate security barriers, there are even greater threats for all organisations, and these will be intensified in the near future.
So, the NHS needs to not only fortify its existing protections but also protect itself against the new vulnerabilities that could put it at risk of a cyber attack in today’s digital market.
This image below is a great example of how ChatGPT could be used to write full-blown letters/emails that seem believable. The advantage of scammers doing this is that it will remove the chance of a victim spotting a human error such as a grammar or spelling mistake.
We’ve actually made a blog about how AI is being exploited by scammers to launch more sophisticated phishing attacks, which you can read about here.
Conclusion
While the government’s upcoming cyber security strategy should help to drive a greater understanding of and focus on the issue within the NHS, it will need to be adapted regularly to deal with the many new technologies and issues the market is facing.
So, the NHS will require ongoing work to ensure that it catches up with today’s cyber security requirements and stay on top of new ones that will occur over the coming months and years.
We hope you’ve liked this blog and that you’ll stick around to see our future releases, covering everything from recent IT News to Knowledgebase articles. Thanks for reading!
