One in five hacking incidents targeting healthcare sector, says NCSC 

One in five hacking incidents in the last 12 months were targeted against healthcare organisations according to the National Cyber Security Centre’s annual review.

The organisations, which is a part of GCHQ, expanded its online defence of the UK by managing an unprecedented 777 incidents over the last twelve months – up from 723 the previous year.

That represents a 7.4 per cent rise in computer-based threats to all organisations supported by NCSC, including those in the frontline responding to Covid-19 and vaccine support programmes.

The growth in the number of incidents handled by the NCSC this year is partially reflected in the organisation’s ongoing work to proactively identify threats through the work of its Threat Operations and Assessment teams.

The health sector and in particular the vaccine rollout was a major focus for the NCSC, with the organisation’s world-leading services protecting NHS, healthcare, and vaccine supplier IT systems from malicious domains billions of times.

Over the past 12 months the NCSC also responded to a rise in ransomware attacks, and a range of services have been provided to businesses over the past year to help protect them from ransomware.
These include the Early Warning Service alerting organisations to emerging threats through to cyber security advice for those working in education.

These efforts have come against a backdrop of responding to significant global incidents, including the attack on the SolarWinds IT management platform by Russia’s Foreign Intelligence Service – one of the most serious cyber intrusions of recent times – and a major ransomware attack on the American software firm Kaseya.

Lindy Cameron, CEO of the NCSC, said :“I’m proud of the way the NCSC has responded to what has been another hugely challenging year for the country as we all continue to navigate our way through the pandemic.

“The support and expertise we have provided for stakeholders from government all the way through to the general public during the pandemic has been vital to keeping the country safe online.

“Undoubtedly there are challenges ahead, but the upcoming National Cyber Strategy combined with the continued engagement from businesses and the public provides a solid foundation for us to continue reducing the impact of online threats.”

In 2020 the NCSC surged its efforts towards protecting healthcare in the wake of the pandemic outbreak, and since then it has channelled further resources towards those involved in the rollout of the vaccine by providing the necessary intelligence and tools to respond to the threats they faced.

This included the extension of the organisation’s Protective Domain Name System (PDNS) service to over 1000 additional organisations within the Health and Social Care sector to support of vaccine development and supply chain organisations.

This extension represented protection of an additional 3 million employees in the sector, from essential workers providing and supporting front line care to those working to develop and deliver vaccines to citizens across the country.

Jude McCorry, CEO of Scottish Business Resilience Centre, said: “It’s alarming to see the number of cyber incidents increasing but these figures are far from surprising. Most businesses have been focussed on recovery over the last year – understandably – but this has left them vulnerable to the threats of opportunistic cyber criminals.

“While the report focuses on Covid related incidents, it’s important to note the upward trajectory in cybercrime overall. Now more than ever, individuals and businesses must be on high alert for sophisticated cyber scams. It’s definitely not the time for anyone to let their guard down. The NCSC does an incredible job of monitoring, managing and preventing such incidents – without them it is likely these figures could have been much higher.

“Nonetheless, these figures are a stark reminder to organisations that they must take a proactive approach to their cyber planning. But they don’t have to do this on their own. There is a broad range of support available – from workshops like Exercise in a Box and programmes to upskill board members, to online resources and advice lines to ensure businesses have the practical support they need to ensure they do not become a statistic.”