It has been reported that the NHS Digital, the IT arm of the National Health Service, has secured a £20 million budget to spend on establishing a new cyber security centre, which will constantly scan for attacks and probe the organisation’s own defences using ethical hackers.
The NHS will use the money to create ‘a national, near real-time monitoring and alerting service that covers the whole health and care system’, said NHS Digital, with ‘extra specialist resources during peak periods’.
‘It will also allow us to improve our capabilities in ethical hacking, vulnerability testing and the forensic analysis of malicious software and will improve our ability to anticipate future vulnerabilities while supporting health and care in remediating known threats’, the organisation added.
The NHS hopes that the new service will help it to avoid another WannaCry, even after it (hopefully) upgrades to more secure operating systems. The ransomware attack in May led to criticisms of the NHS’s cyber security. Andrew Clarke, EMEA Director at One Identity commented below.
Andrew Clarke, EMEA Director at One Identity:
“Realising that there is a problem is the first step in improving. The NHS has developed a great patient service – but as with any large infrastructure, as it evolves over time and technology plays a bigger role, gaps occur. A sharp reminder of this was when the Wannacry ransomware targeted the NHS earlier in 2017; security fundamentals such as vulnerability management and patch management were found to be lacking and it became clear that it takes only one system to enable the door to open to malicious attacks.
The £20M investment by NHS Digital in a centralised cybersecurity unit (or Security Operation Centre) will enable the NHS to take care of its wide-reaching infrastructure – to probe for known vulnerabilities and ensure that best practice security advice is actually implemented. Already in the UK, the National Cyber Security Centre (NCSC), is making an impact in defensive advice to business and government, and will provide the expert guidance for the security professionals hired by NHS Digital to be proactive. Overall, we are seeing an important shift in government strategy. It is encouraging to see these steps taking place that provide a stronger foundation for effective provision of essential services.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.