CS Mar Apr 2022
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
NHS breaches<br />
use of provided technology, is crucial to a<br />
successful multi-layered defence strategy."<br />
Staff training is therefore essential for<br />
defending against cyber-attacks, and<br />
employees need to know what to look out<br />
for, he points out. "The training materials<br />
used need to be updated continuously to<br />
reflect the latest threat trends - and regular<br />
simulations should be run to ensure that the<br />
training has the desired effect. Training will<br />
help prevent data leaks like this one, which<br />
seemingly occurred due to an employee error,<br />
and reduce the severity of attacks overall."<br />
There is also the added importance of<br />
having unique passwords for each service<br />
and enabling two-factor authentication<br />
whenever possible. "Individuals should remain<br />
vigilant in scrutinising the types of emails they<br />
receive - and this should be underpinned<br />
by cybersecurity technology such as email<br />
filtering and anti-malware protection. In<br />
addition to these layers of security, real-time<br />
assessment of bad or anomalous behaviours<br />
within the architecture are becoming more<br />
prevalent to help with breach detection.<br />
Finally, in this case, it appears that inadequate<br />
data archiving measures were in place to<br />
ensure compliance with data protection<br />
regulations - and it is important that<br />
archiving and backup processes are carefully<br />
planned and monitored to ensure the most<br />
effective data protection outcome."<br />
These layers of protection all need to build<br />
on a foundation of good cyber hygiene,<br />
such as regularly installing patches on servers,<br />
endpoints and network devices along with<br />
running reputable antivirus and anti-malware<br />
software, Aldridge concludes. "Policies and<br />
processes should also be in place to prevent<br />
confidential materials being sent via email or<br />
being extracted to the external USB storage."<br />
ANY DATA IS NOW AT RISK<br />
Given the current landscape, we must face<br />
the fact that any data is at risk of being<br />
leaked, breached, stolen or encrypted, says<br />
Peter Stelzhammer, co-founder at AV-<br />
Comparatives. "Organisations must be<br />
prepared and be aware that, even with the<br />
best protection money can buy, there is still<br />
the risk of an insider job, a hacker better than<br />
your cybersecurity system or a software bug<br />
in one of the systems." Information is there<br />
to be shared and this is especially important<br />
in the health sector- patient data must be<br />
available always and everywhere for those<br />
who need it, he states. "While this data is<br />
vital for patient care, security should not be<br />
sacrificed for accessibility."<br />
There is far more at stake in this sector than<br />
simply the loss of data, he continues: cyber<br />
criminals could potentially alter data sets,<br />
such as prescribed medications, or disrupt<br />
medical schedules posing a risk to the<br />
health and wellbeing of patients. "To protect<br />
sensitive data, organisations should use stateof-the-art<br />
multi-layered cybersecurity that is<br />
independently tested and they must restrict<br />
data access to only those people who really<br />
need it."<br />
Companies should also carry out risk<br />
management, not only for a data breach, but<br />
also what to do if your data gets lost, due to<br />
a faulty IT system. "It's also important to have<br />
a rolling back-up to help prevent huge data<br />
losses and speed up the process of getting<br />
back online," adds Stelzhammer. "If you can<br />
prepare a plan of what to do if a data breach<br />
happens by testing the systems and your<br />
incident response processes, this will help the<br />
entire workforce, not just the security team,<br />
should a breach occur."<br />
His final advice to organisations? "Don't bury<br />
your head in the sand," he comments. "Seek<br />
external help and, if a breach occurs, be sure<br />
to inform those concerned and the authorities<br />
immediately."<br />
THE TRADITIONAL APPROACH IS NOT<br />
THE WAY FORWARD<br />
Felix Rosbach, product manager at comforte<br />
AG, says that a data breach affecting the<br />
highly sensitive data of tens of thousands<br />
of NHS patients might make you question<br />
whether healthcare providers are serious<br />
about data privacy and security. "This<br />
report should trigger alarm bells within the<br />
healthcare sector," he states. "After all, it is<br />
difficult to grasp a situation in which<br />
thousands of subjects have had their most<br />
personal and sensitive health information<br />
compromised. And while it sometimes feels<br />
like we reached the point where nothing<br />
can be protected anymore, this is not the<br />
case. Often, these types of data breaches<br />
occur because of a traditional approach to<br />
cybersecurity, protecting borders and<br />
perimeters or limited budget due to unwise<br />
business decisions."<br />
Effective data security and the principles<br />
of Zero Trust need to be applied directly to<br />
sensitive patient information, he insists.<br />
"By protecting patient information utilising<br />
methods such as tokenisation or formatpreserving<br />
encryption, organisations can<br />
continue to work with sensitive data in its<br />
protected state. Better yet, if [or when]<br />
threat actors gain access to protected data,<br />
they cannot comprehend it or leverage<br />
it for personal gain or other nefarious<br />
purposes. If a healthcare organisation isn't<br />
actively assuming the worst and exploring<br />
data-centric security to protect patient<br />
data, the long-term prognosis doesn't look<br />
good," Rosbach warns.<br />
HUGE ATTACK SURFACE<br />
The healthcare sector has always been<br />
extremely attractive to threats actors<br />
looking to cause havoc, sys Ronan David,<br />
chief of strategy at EfficientIP. "Not only<br />
do healthcare organisations hold a wealth<br />
of customer and employee data, but the<br />
large number of devices and platforms<br />
connected to their networks means that<br />
their attack surface is huge. If the functions<br />
of the health system do not work, then it<br />
puts patient lives at risk, thus putting a<br />
severe amount of pressure on the NHS to<br />
give into the threat actor's demands?<br />
www.computingsecurity.co.uk @<strong>CS</strong>MagAndAwards <strong>Mar</strong>/<strong>Apr</strong> <strong>2022</strong> computing security<br />
25