NHS Scotland must be on ‘high alert’ amid rise in ransomware attacks, warns cyber boss
NHS Scotland “needs to be on high alert” amid a “huge increase” in the number of attacks on the healthcare sector, a cyber boss has warned.
Deryck Mitchelson, chief information security officer at global cybersecurity firm Check Point, said he fears that 2022 will see a “major cyber attack” on the UK healthcare service.
His comments come on the back of the Ukraine conflict, which has led to a rise in malicious cyber incidents on businesses and government agencies around the world.
Mitchelson, who stepped down from his role as digital director of NHS National Services Scotland (NSS) last year, said that Check Point is seeing a 71 per cent increase in weekly attacks on healthcare, to around 830 per week.
He said: “Given the impact of last year’s ransomware attack on the Irish healthcare service, the NHS in Scotland needs to be on high alert. The threat and number of cyber attacks continues to rise and healthcare is near the top of sectors being targeted.”
A cyber attack on Ireland’s health service last May caused widespread disruption, forcing the organisation to cancel appointments and take its systems offline to protect them from further harm.
Mitchelson said: “Cybersecurity is on the risk logs of most NHS boards in Scotland, but few boards have dedicated security teams and appropriate investment in robust cyber programmes that will deliver end-to-end protection of our services.
“There is such a huge attack surface in the NHS supporting its 200,000 workforce, and with many still working remotely, it only takes a single compromised account or weak remote access control for a threat actor to access our health systems.”
It follows the news that pro-Russian hacker group Killnet threatened to shut down British hospital ventilators after an alleged member of their cyber crime gang was arrested in the UK earlier this month.
Mitchelson said he was “not convinced” that the claims were legitimate. “Killnet is a pro-Russian hacker group, but so far we are seeing them target mainly government websites, the latest of which was several Italian ministries. I would be surprised if they switched focus onto healthcare, but do expect that UK government websites are already a target for them.”
But he stressed the need for the NHS to “up its game” and remove all unsupported operating systems, strengthen remote access, increase end-to-end visibility and monitoring and ensure that “robust” incident response plans are in place.
He said: “The NHS has such a huge threat landscape to protect. I fear that 2022 may see a major cyber attack in UK healthcare and hope it is prepared.
“Collectively we need to raise our game and ensure we are not distracted by any geo-political conflicts.”
How can this be done? “There needs to be a joined-up cyber programme across the NHS focused on delivering improved cyber resilience”, he said.
“This won’t succeed if managed at siloed board level, it needs to deliver improvements across the entire NHS. For example, malware is capable of infecting millions of devices within a 24-hour period.
“The NHS needs assurance that its defences would stop a malware from deploying its payload and infecting devices.
“If infection occurs then it needs assurance that its end-to-end monitoring capability would detect this at the earliest opportunity and that a highly segmented network would stop the spread both within boards and across to other boards.”
Without a focus on resilience, the impact of a cyberattack could be devastating.
“Any infection would spread and infect in particular un-patched and end-of-life devices, having a detrimental impact on both emergency and scheduled procedures,” he said.
What could an attack on the NHS look like in reality? “I would expect any breach to initially be IT related, but the NHS has a huge number of medical devices, often running older operating systems, which could be easily compromised with ransomware.
“Groups like Conti and Lapsus$ are in it for the commercial gain and they would steal as much patient data as possible, whilst encrypting devices and disrupting operations.
“So much of our healthcare is now dependent on digital technologies that this could have a crippling impact, from appointment scheduling and prescriptions to consultations and operations.”