The healthcare sector is critically exposed.
It’s increasingly finding itself in the crosshairs of a digital war, threatening patient care and digital security. In 2023, the sector saw a consistent month-over-month increase in attack attempts and UK healthcare has been identified as a ‘prime target’ for Russian hackers.
In fact, Eastern Axis enemies, including China and North Korea, are making a habit of going after healthcare providers in search of sensitive data. Yet, these attacks are not just about data breaches or financial gains. It’s a calculated assault on public trust. Nation state threat actors want to destabilize economies, sow discord and cripple entire societal systems. This is the real threat of cyberwarfare.
Armis research shows 42% of UK IT leaders surveyed in healthcare organizations are concerned about the impact of cyberwarfare. Of these same leaders, 33% also stated geopolitical tensions with China and Russia have created a greater threat of cyberwarfare. Make no mistake, it’s become a matter of ‘when’ rather than ‘if’ an act of cyberwarfare will strike every corner of the NHS’s defenses.
Healthcare in a Critical Condition
It often feels like the NHS is running on life support. The UK healthcare sector is known for being understaffed and under-resourced, with 41% of surveyed UK IT leaders working in the healthcare sector in the Armis report admitting their company hasn’t allocated sufficient budget for cybersecurity programs.
What’s more, the sector still relies on legacy technology and end-of-support (EoS) Operating Systems (OS). There’s millions of medical devices in NHS Trust hospitals across England that are either incapable of running security software or rely on EoS versions.
The rapid advancement of AI has also allowed state actors to better circumvent the sector’s aging infrastructure with ease, weaponizing it to amplify their ability to cause harm. AI has merely supercharged the volume and impact of cyberwarfare on the sector. The dark web has made it even easier for these bad actors too, as they no longer require sophisticated technical skills to initiate an attack. In its current state, healthcare defenses are struggling to keep pace with evolving tactics.
Even those within the sector that are modernizing and migrating to cloud-based infrastructure, could fall victim to malicious actors linked to Russia’s Foreign Intelligence Service (SVR) which are adapting their techniques in response.
These threats have led to 45% of UK organizations believing Russia poses a greater threat to global security compared to China. However, MPs also warned that unchecked Chinese hacks, like those aimed at obtaining UK health data, have left China as a national security threat to the sector too.
We’ve now reached the point where the UK public has little faith in the cybersecurity of the NHS. Research from NHS England shows that four out of five patients believe that NHS systems are vulnerable to cyber-attacks, with almost half (49%) strongly believing that the NHS could make mistakes in handling their data.
Combine this with the fact that UK IT leaders say the government can’t be trusted to defend businesses against cyberwarfare, and you realize the sector is in a critical condition.
Visibility is Key
The first step to enhancing healthcare cybersecurity is moving from a reactive approach to a more proactive one. The promise of additional funding has been a good start, with the UK government announcing plans to provide the NHS with £6bn to invest in new technology and digital transformation.
Other broader “brushstroke” solutions like the Department of Health and Social Care’s (DHSC) work with various stakeholders to achieve cyber resilience by no later than 2030 are steps in the right direction.
However, the threat is present and the sector continues to see a barrage of attacks. Many healthcare cybersecurity teams are faced with a deluge of data, a mounting pressure to maintain constant vigilance and a lack of resources – there’s a need to keep solutions simple. As is often the case, the simplest solutions can be the most effective.
One such solution is being able to ‘see’ the entire attack surface. After all, you can’t protect against what you can’t see. With over 55,000 physical and virtual assets connected to organizational networks on any given business day, only 60% of these assets are monitored, leaving an average of 40% unmonitored, according to Armis research.
With increasingly connected healthcare systems comes a bigger attack surface, and devices such as nurse call systems, infusion pumps and even medication dispensing systems are all at risk.
Achieving full visibility across the entire attack surface and managing the cyber risk exposure allows healthcare providers to identify and mitigate vulnerabilities before they’re exploited.
Therefore, to ‘see’ the attack surface, the right tools must be implemented, as they’ll help keep both physical and virtual assets secure and patient health information (PHI) systems safe, so the medical devices closest to patient care can operate uninterrupted and uncompromised.
Building a Robust Cybersecurity Posture
Cyberwarfare demands a multi-pronged approach, particularly for a sector as complex and critical as healthcare. While complete visibility is essential, other solutions must also be implemented.
Relying solely on legacy technologies and manual security processes, like so many healthcare organizations are, is the equivalent of bringing a knife to a gunfight. Security leaders must use AI-powered early warning systems to detect vulnerabilities, attacks and breaches before they materialize. AI and machine learning platforms can scan the dark web, whilst setting dynamic ‘honeypots’ for bad actors to help proactively mitigate and monitor threats.
This actionable cyber intelligence allows organizations to detect and address real-time threats across the entire attack surface.
However, it’s not always feasible to integrate new solutions to legacy technologies or upgrade EoS operating systems, as disrupting care networks and incurring massive costs for implementation is often not an option for the NHS. Fortunately, there are alternative, more affordable and simple solutions.
Network segmentation can create barriers between critical systems and older devices, limiting the damage from a potential breach. Implementing stronger passwords, regular firmware updates and access controls helps build towards a more robust cybersecurity posture.
Lastly, healthcare organizations must take control of their data. It’s often something that nation-state actors and other cybercriminals are after, so better organizational data security will improve patient safety and trust. Improving data management is key and is also another simple solution that any healthcare organization can implement immediately, using readily available UK government resources like the Data Quality Framework or the DHSC’s cyber resilience strategy as guidance.
Defending the Frontlines
Cyberwarfare is a growing threat to patient care. Increased awareness and investment in healthcare cybersecurity is no longer optional. It’s a necessity. Weak cybersecurity defenses are a prescription for disaster. Nation-state actors are infiltrating this critical sector, exploiting the weaknesses and we must act now to safeguard the nation’s critical infrastructure, patient data and ultimately, its people.
Additional funding will help but it’s not the silver bullet solution to healthcare’s problems. The industry must embrace a multi-pronged approach that prioritizes cyber resilience, implementing best practices and investing in solutions that help organisations gain complete visibility of its ecosystem. After all, the evolving threat landscape requires a more nuanced approach to vulnerability management.
Robust cybersecurity must now be considered an integral part of the care process. Failure to act will leave the sector – and the nation – in jeopardy.