CS Mar Apr 2022

NHS breaches
use of provided technology, is crucial to a
successful multi-layered defence strategy."
Staff training is therefore essential for
defending against cyber-attacks, and
employees need to know what to look out
for, he points out. "The training materials
used need to be updated continuously to
reflect the latest threat trends - and regular
simulations should be run to ensure that the
training has the desired effect. Training will
help prevent data leaks like this one, which
seemingly occurred due to an employee error,
and reduce the severity of attacks overall."
There is also the added importance of
having unique passwords for each service
and enabling two-factor authentication
whenever possible. "Individuals should remain
vigilant in scrutinising the types of emails they
receive - and this should be underpinned
by cybersecurity technology such as email
filtering and anti-malware protection. In
addition to these layers of security, real-time
assessment of bad or anomalous behaviours
within the architecture are becoming more
prevalent to help with breach detection.
Finally, in this case, it appears that inadequate
data archiving measures were in place to
ensure compliance with data protection
regulations - and it is important that
archiving and backup processes are carefully
planned and monitored to ensure the most
effective data protection outcome."
These layers of protection all need to build
on a foundation of good cyber hygiene,
such as regularly installing patches on servers,
endpoints and network devices along with
running reputable antivirus and anti-malware
software, Aldridge concludes. "Policies and
processes should also be in place to prevent
confidential materials being sent via email or
being extracted to the external USB storage."
ANY DATA IS NOW AT RISK
Given the current landscape, we must face
the fact that any data is at risk of being
leaked, breached, stolen or encrypted, says
Peter Stelzhammer, co-founder at AV-
Comparatives. "Organisations must be
prepared and be aware that, even with the
best protection money can buy, there is still
the risk of an insider job, a hacker better than
your cybersecurity system or a software bug
in one of the systems." Information is there
to be shared and this is especially important
in the health sector- patient data must be
available always and everywhere for those
who need it, he states. "While this data is
vital for patient care, security should not be
sacrificed for accessibility."
There is far more at stake in this sector than
simply the loss of data, he continues: cyber
criminals could potentially alter data sets,
such as prescribed medications, or disrupt
medical schedules posing a risk to the
health and wellbeing of patients. "To protect
sensitive data, organisations should use stateof-the-art
multi-layered cybersecurity that is
independently tested and they must restrict
data access to only those people who really
need it."
Companies should also carry out risk
management, not only for a data breach, but
also what to do if your data gets lost, due to
a faulty IT system. "It's also important to have
a rolling back-up to help prevent huge data
losses and speed up the process of getting
back online," adds Stelzhammer. "If you can
prepare a plan of what to do if a data breach
happens by testing the systems and your
incident response processes, this will help the
entire workforce, not just the security team,
should a breach occur."
His final advice to organisations? "Don't bury
your head in the sand," he comments. "Seek
external help and, if a breach occurs, be sure
to inform those concerned and the authorities
immediately."
THE TRADITIONAL APPROACH IS NOT
THE WAY FORWARD
Felix Rosbach, product manager at comforte
AG, says that a data breach affecting the
highly sensitive data of tens of thousands
of NHS patients might make you question
whether healthcare providers are serious
about data privacy and security. "This
report should trigger alarm bells within the
healthcare sector," he states. "After all, it is
difficult to grasp a situation in which
thousands of subjects have had their most
personal and sensitive health information
compromised. And while it sometimes feels
like we reached the point where nothing
can be protected anymore, this is not the
case. Often, these types of data breaches
occur because of a traditional approach to
cybersecurity, protecting borders and
perimeters or limited budget due to unwise
business decisions."
Effective data security and the principles
of Zero Trust need to be applied directly to
sensitive patient information, he insists.
"By protecting patient information utilising
methods such as tokenisation or formatpreserving
encryption, organisations can
continue to work with sensitive data in its
protected state. Better yet, if [or when]
threat actors gain access to protected data,
they cannot comprehend it or leverage
it for personal gain or other nefarious
purposes. If a healthcare organisation isn't
actively assuming the worst and exploring
data-centric security to protect patient
data, the long-term prognosis doesn't look
good," Rosbach warns.
HUGE ATTACK SURFACE
The healthcare sector has always been
extremely attractive to threats actors
looking to cause havoc, sys Ronan David,
chief of strategy at EfficientIP. "Not only
do healthcare organisations hold a wealth
of customer and employee data, but the
large number of devices and platforms
connected to their networks means that
their attack surface is huge. If the functions
of the health system do not work, then it
puts patient lives at risk, thus putting a
severe amount of pressure on the NHS to
give into the threat actor's demands?
www.computingsecurity.co.uk @CSMagAndAwards Mar/Apr 2022 computing security
25