Small and medium-sized businesses, such as medical suppliers and primary care providers, are being invited to apply for some of the £500,000 funding from the UK Government, to have consultancy and certification costs covered towards gaining accreditation under the official Cyber Essentials scheme. This includes training for phones, tablets, laptops or computers to be kept up-to-date, proper firewall usage to secure devices’ internet connections, and user access controls to manage employee access to services. The Department for Digital, Culture, Media & Sport (DCMS) announced this during London Tech Week, this year running virtually.
This comes after the National Cyber Security Centre (NCSC) identified a heightened cyber threat to the UK health sector due to the pandemic, with cyber crime groups attempting to steal sensitive intelligence, intellectual property and personal information from pharmaceutical companies and medical research bodies. The Wannacry malware of spring 2017 showed how vulnerable the NHS can be to cyber-attack.
DCMS Digital Infrastructure Minister Matt Warman said: “We know there is a heightened cyber threat for healthcare businesses at the moment so we are releasing new funding to help those playing a vital role in the pandemic response to remain resilient. I also urge all organisations to sign up to the government’s Cyber Essentials programme which contains a number of simple steps firms can take to get the fundamentals of good cyber security in place.”
And Paul Chichester, NCSC Director of Operations, said: “Protecting healthcare has been our top priority during the Covid-19 pandemic and we have been working hard to ensure organisations can keep themselves secure. While we will continue to support them, signing up to initiatives such as Cyber Essentials is an excellent way for organisations to help themselves.
“Those who have not already taken up this offer should do so – it will help ensure they have fundamental security protections in place, even in the most challenging of times.”
Comment
Ben Tuckwell, District Manager, UK & Ireland at the cyber firm RSA Security, said: “The healthcare industry is facing a higher level of attacks than ever before due to the disruption caused by the pandemic, and the value of its sensitive data has skyrocketed. According to RSA FraudAction intelligence, a batch of highly detailed healthcare data can sell for nearly 25 times more than a bank account login on the dark web. While taking advantage of the government’s certification and cybersecurity training is a great first step, it needs to be the first of many.
“At a time when many healthcare employees are still accessing data from home on less secure networks, healthcare firms need to go further to protect against cyber threats and manage digital risk. These organisations must be clear on the security protocols protecting their data and ensure robust identity access management is introduced, so critical data and applications are only accessible to the right people at the right time.
“Healthcare firms should also continue to regularly educate their workforces about the security threats they face, going beyond the initial training provided in the Government’s scheme. An informed workforce really can make a difference; all staff need to be able to spot and report potentially malicious activity so they can act like a shield against cyber-attacks.”
