Following the news about Dozens Of NHS Hospitals that Targeted By Cyber Blackmailers, Jonathan Mepsted, managing director UK at Netskope commented below.
Jonathan Mepsted, Managing Director UK at Netskope:
“Given the NHS deadline to go paperless by 2020 and the resulting push towards a digital-first strategy, NHS Trusts will need to ensure the correct security controls are in place in order to remain vigilant to the increasing threat of cyberattacks such as ransomware demands. This includes watching out for sophisticated methods used to spread malware. As one example, Netskope’s Research Labs team recently found a strain of malware which users can unknowingly spread through sync and share mechanisms in cloud storage apps – enabling the malware to spread rapidly throughout an organisation in a short period of time.
“A recent FOI study carried out by Netskope revealed that NHS Trusts have very limited visibility into the cloud apps used by employees: fewer than one in five NHS Trusts (19 per cent) monitor all cloud app use by employees. This restricted visibility into the data being uploaded/shared through cloud apps can pose serious risks, such as fines for non-compliance and reputational damage, as well as potentially opening up systems to attack. The healthcare sector handles a huge cross-section of sensitive data, including large amounts of personally identifiable information relating to citizens’ health. It is absolutely vital that this sensitive data is kept secure. Appropriate safeguards around cloud app use are a vital piece of an effective security strategy.
“With a growing appetite for sensitive medical data amongst cyber criminals, and increasingly sophisticated ways of formulating attacks, the healthcare industry needs to respond by ensuring IT teams have the tools they need not only to gain visibility into employee app use and activity, but also to have deeper intelligence, protection, and remediation to help them stop malware in its tracks. As the cloud threat landscape becomes increasingly complicated, steps must be taken to ensure that patient privacy and security remain a top priority.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.