NHS Scotland must be on ‘high alert’ amid rise in ransomware attacks, warns cyber boss
NHS Scotland “needs to be on high alert” amid a “huge increase” in the number of attacks on the healthcare sector, a cyber boss has warned.
Deryck Mitchelson, chief information security officer at global cybersecurity firm Check Point, said he fears that 2022 will see a “major cyber attack” on the UK healthcare service.
His comments come on the back of the Ukraine conflict, which has led to a rise in malicious cyber incidents on businesses and government agencies around the world.
Mitchelson, who stepped down from his role as digital director of NHS National Services Scotland (NSS) last year, said that Check Point is seeing a 71 per cent increase in weekly attacks on healthcare, to around 830 per week.
He said: “Given the impact of last year’s ransomware attack on the Irish healthcare service, the NHS in Scotland needs to be on high alert. The threat and number of cyber attacks continues to rise and healthcare is near the top of sectors being targeted.”
A cyber attack on Ireland’s health service last May caused widespread disruption, forcing the organisation to cancel appointments and take its systems offline to protect them from further harm.
Mitchelson said: “Cybersecurity is on the risk logs of most NHS boards in Scotland, but few boards have dedicated security teams and appropriate investment in robust cyber programmes that will deliver end-to-end protection of our services.
“There is such a huge attack surface in the NHS supporting its 200,000 workforce, and with many still working remotely, it only takes a single compromised account or weak remote access control for a threat actor to access our health systems.”
It follows the news that pro-Russian hacker group Killnet threatened to shut down British hospital ventilators after an alleged member of their cyber crime gang was arrested in the UK earlier this month.
Mitchelson said he was “not convinced” that the claims were legitimate. “Killnet is a pro-Russian hacker group, but so far we are seeing them target mainly government websites, the latest of which was several Italian ministries. I would be surprised if they switched focus onto healthcare, but do expect that UK government websites are already a target for them.”
But he stressed the need for the NHS to “up its game” and remove all unsupported operating systems, strengthen remote access, increase end-to-end visibility and monitoring and ensure that “robust” incident response plans are in place.
He said: “The NHS has such a huge threat landscape to protect. I fear that 2022 may see a major cyber attack in UK healthcare and hope it is prepared.
“Collectively we need to raise our game and ensure we are not distracted by any geo-political conflicts.”
How can this be done? “There needs to be a joined-up cyber programme across the NHS focused on delivering improved cyber resilience”, he said.
“This won’t succeed if managed at silo’d board level, it needs to deliver improvements across the entire NHS. For example, malware is capable of infecting millions of devices within a 24-hour period.
“The NHS needs assurance that its defences would stop a malware from deploying its payload and infecting devices.
“If infection occurs then it needs assurance that its end-to-end monitoring capability would detect this at the earliest opportunity and that a highly segmented network would stop the spread both within boards and across to other boards.”
Without a focus on resilience, the impact of a cyberattack could be devastating.
“Any infection would spread and infect in particular un-patched and end-of-life devices, having a detrimental impact on both emergency and scheduled procedures,” he said.
What could an attack on the NHS look like in reality? “I would expect any breach to initially be IT related, but the NHS has a huge number of medical devices, often running older operating systems, which could be easily compromised with ransomware.
“Groups like Conti and Lapsus$ are in it for the commercial gain and they would steal as much patient data as possible, whilst encrypting devices and disrupting operations.
“So much of our healthcare is now dependent on digital technologies that this could have a crippling impact, from appointment scheduling and prescriptions to consultations and operations.”