The biggest threat to healthcare is data breaches, says Katie Petrillo, Director of Product Marketing at the password firm LastPass by LogMeIn.
There is no debate about the fact that the NHS has had one of its most difficult years due to the COVID-19 pandemic. While frontline workers became heroes, there was also a huge surge in how technology is used across the sector. Now, everything is going online – from GP appointments and repeat prescriptions to the newer NHS Covid app to prove when you’ve been vaccinated. But it’s creating a new danger that could have a big impact on our healthcare service: data breaches.
Recent research found that breaches in the healthcare sector cost the most out of all those surveyed – over £6m per incident to be exact. In the past 18 months, the NHS has been splashed across the front pages of the nation’s newspapers more than ever before. Notably, privacy concerns have skyrocketed as the health service announced a controversial data collection plan to share and collect health records. At the same time, we’ve seen cybercriminals increasingly focusing on targeting healthcare institutions in the hope of financial gains. With the latest NHS announcement, attackers have more to gain from a successful breach.
So, what does this mean for healthcare organisations on a daily basis? And what part do individuals have to play in securing their own data?
Does digital spell disaster?
Healthcare organisations and networks around the world have been at their most vulnerable during the pandemic, buckling and even failing under the massive strain of the unprecedented public health crisis. During these most challenging times the last thing any healthcare service provider needs is for the systems they rely on to fail. In May 2021 this became a terrifying reality as the Health Service Executive of Ireland suffered a major ransomware cyberattack that caused all its IT systems nationwide to shut down, rendering systems inoperable and putting thousands of lives at risk.
Alongside the all too real and ever-increasing cybercrime threat, the UK government continues with discussions and plans to implement a fully digital NHS. A major part of this transition involves making GP health data for everyone in England available to researchers and companies for healthcare research and planning. Unsurprisingly, there are significant concerns around the security and privacy of the data and NHS Digital has already pledged to address these concerns.
Regardless of whether a fully digital NHS becomes a reality, a cybersecurity storm is brewing, and action is required. An integral part of this is security education. In an organisation of caregivers, the onus needs to be placed on individual employees – with the support of their employer – to play their part in keeping their patients’ data safe.
National health responsibility
Protecting healthcare services from cybercriminals desperate for personal data is a mammoth task and an ongoing battle that should not be underestimated. Regularly backing up critical data and securing data with strong, unique passwords and multi-factor authentication puts organisations in the best possible position if the worst were to happen. An often forgotten but critical part of data protection is robust password hygiene combined with MFA. After all, it only takes one weak or easy-to-guess password for malicious actors to gain unauthorised access to one or more systems and launch a ransomware attack. Adding MFA on top of workstations and VPNs, in addition to cloud and legacy apps, is essential to ensure that only the employees who require access to sensitive information are granted access.
Finally, investing in a solution that offers dark web monitoring can prove invaluable, as it proactively notifies users when account credentials appear on the dark web. This allows protocols to be activated in record time, meaning employees can shut the door on a potential attack before it occurs and before the consequences are felt by the wider network.
Data breach on the go
Another hot topic in recent months has been the COVID-19 vaccination passport, which is set to unlock the wider world with the return of international travel. Alongside this new freedom comes a great responsibility for users. Much like other important personal identification documents such as passports, driving licences and bank cards, it is important that a proof of vaccination card is stored in a secure place.
A secure password manager is an ideal home for a COVID-19 vaccination card. These systems operate a zero-knowledge security model and use the strongest encryption available to keep data private, secure, and hidden. Much like we take responsibility for our own health, as citizens we should all be taking responsibility for our own digital identity, and this can be done by utilizing robust password hygiene and multi-factor authentication (MFA).
We all have a role to play in keeping our nation’s vital healthcare system cyber safe. By using strong password hygiene and MFA, taking advantage of dark web monitoring, and keeping our digital identity secure, healthcare services and individuals can be secure and patient data can be kept safe.