Hundreds of the country’s vital healthcare firms are set to benefit from government funding to boost their cybersecurity, the Digital Infrastructure Minister Matt Warman announces today, as part of London Tech Week.
The move comes after the National Cyber Security Centre (NCSC) identified a heightened cyber threat to the UK health sector in relation to the pandemic.
Small and medium-sized businesses, such as medical suppliers and primary care providers, are being invited to apply for a slice of the £500,000 funding
The initiative will see all consultancy and certification costs covered by the government.
It is encouraging to see the government taking the cyber-threat to the healthcare industry seriously. The COVID-19 pandemic has seen a significant rise in the reliance on the internet for healthcare professionals to carry out their job. From connectivity with patients, to the interconnectivity of different medical devices passing patient data, the threat vector has expanded dramatically. This has made the sector an attractive target for cybercriminals, with the wealth of research, personal, and confidential data available to them. Recent research, commissioned by Mimecast surveying healthcare professionals, found that 41% are seeing cyber-attacks against their organisation take place on a weekly basis.
It remains so important that healthcare professionals are as vigilant to cyber-threats as possible. One minor lapse of cyber hygiene can lead to a cybersecurity attack. These can result in service disruption, potentially postponing treatment for patients; or they can lead to huge amounts of data being leaked to hackers with nefarious intent. This investment is a welcome incentive, but needs to be combined with employee awareness training along with a layered cyber security strategy to ensure that the healthcare sector is well-prepared for the increased in threats it faces as a direct result of the pandemic.
This is very welcome news from the Minister and the NCSC. As we navigate our way through the COVID pandemic, cybercriminals are finding ever more vulnerable victims. The spotlight on the vital importance of health and social care providers as well as supply chains has clearly brought them to the fore as ripe for a cyberattack. That coupled with the constant threat from non-malicious insider threats makes having even the most basic of Cyber-hygiene protocols in place an absolute must for every business involved.
Unfortunately, the amount of money available is paltry when compared to the threat.
At its most basic, Cyber Essentials costs £300 +VAT. When you add ‘consultancy and certification costs’ this amount can rapidly escalate to the high hundreds or even more, depending on the size of the business taking advantage of this offer.
Given the size of the sector and the level of the threat, this is a nice idea but it is woefully under-funded.
The first applicants to take advantage of this incentive will already be well aware of the Cyber threats they face and, whilst it will mitigate those to some extent, by the time the majority of providers and suppliers, those who through no fault of their own don’t really understand the vital need to take part, start to take notice and apply, the money will be gone.
Those organisations are where the health and social care sector is most vulnerable, and they are the providers and suppliers who need this kind of help the most.
Healthcare organisations are major targets and will see any and all lapses in security exploited by malicious individuals, both internal and external. Companies handling medical records are heavily targeted by cybercriminals, therefore, they take every precaution necessary to protect patient data. Hundreds of hospitals, medical offices, and imaging centers have contributed to over a billion exposed records.
According to Bitglass\’ Healthcare Breach Report, the number of records breached in 2019 (27.5 million) was more than double that of 2018 (11.5 million) – which itself was over double that of 2017 (4.7 million). The average number of individuals affected per breach reached 71,311 in 2019, nearly twice that of 2018 (39,739), indicating that breaches are becoming more common and much larger over time.
The rapid digitisation of patient records means it’s been very difficult to implement consistent data security policies and training schemes to educate staff on keeping data safe. As healthcare organisations make patient data more accessible to individuals and new systems, they must make information security their top priority.
Strategic investments in cybersecurity will make a significant impact on protecting healthcare businesses against cybersecurity risks, which will potentially save billions in the long run. With this new funding, and by procuring cloud apps with a strong security track record and third-party tools to secure data in the cloud, healthcare organisations will be able to improve their ability to protect medical records and allow them to focus on their core competency – delivering care services.