Rising threats from nation state actors and cyber-criminal gangs

Phil Howe, chief technology officer at Core to Cloud, examines the cyberthreat to the NHS from nation state actors and cyber criminals

Since October, the UK Government has been on ‘high alert’, preparing for a new wave of potentially devastating nation state-led cyber-attacks against our critical infrastructure. With cybercrime rising around the world, costs are set to reach $10.5 trillion a year by 2025, with the health sector being a specific target for cyber criminals due to the sheer amount of data it harvests and stores.
    
According to U.S. government data, cybersecurity vendors have seen a sharp increase in data breaches targeted at the healthcare industry during the first five months of 2022. Supporting this, a 2021 study by Critical Insight using HHS (U.S. Department of Health and Human Services) information found that between 2018 and 2021, there was an 84 per cent increase in the number of data breaches against healthcare organisations. When it came to the number of victims impacted by these breaches, the figures jumped from 14 million in 2018 to 44.9 million in 2021.
    
While the increase in these figures is shocking, what’s important is that we recognise that the form of many of these attacks is changing. Some threat actors are stealing and ransoming data, but others are encrypting entire networks and disrupting urgent medical care. As a result of the type, impact, and frequency of cyberattacks evolving so rapidly, many organisations are left struggling to stay one step ahead of the battle to keep their organisation, patients and data safe.

Why it’s a serious problem for the health sector
The explosion in cyber threats against the medical industry is being fuelled by the increasing use of medical IoT. The medical IoT industry produces all manner of equipment, from heart monitors to infusion pumps that administer crucial drugs. All this is changing the face of many healthcare services around the world by increasing medical accuracy and patient satisfaction rates, thanks to its ability to facilitate remote treatment and monitoring.
    
Over time, gathering vast amounts of patient data on specific illnesses improves patient treatment and advances the future of care for the betterment of everyone. But gathering this data requires such medical devices to be connected to networks or the internet. With more than 75 per cent of all medical devices now linked to a network, these devices increase the attack surface, thereby increasing the number of potential routes in for cyber criminals.
    
Despite the inherent benefits of connected medical devices, many hospitals’ devices are over a decade old and have never been patched. This is particularly problematic for healthcare settings which use extremely sensitive pieces of technology, for example, highly targeted radiological cancer equipment. It’s also been reported by the Interim CIO at NHSX that 21 million items of malicious activity get blocked every month within the NHS, which can only emphasise the criticality and urgency of the issue.

Attacks through the health sector supply chain
The rapid growth of these connected devices also means that the supply chain for many healthcare providers has widened. With a rising number of third parties involved in the chain, from software suppliers to device manufacturers, cybercriminals look for ways to compromise these businesses as a way to gain access to confidential information on the medical organisations that they serve.
    
With 60 per cent of incidents reported as the result of a third-party partner with stolen access privileges, these cyber criminals are targeting the smaller suppliers and service providers, knowing that their cyber security measures may present a weak spot and an opportunity to attack further up the supply chain. A recent example of this was seen in the UK in August 2022, when NHS 111 suffered an attack by cybercriminals which impacted one of its suppliers, the software vendor Advanced. This led to specific NHS services being rendered unusable for certain parts of the country.
    
To safeguard against attacks through the supply chain, healthcare organisations should ensure that supply chain partners comply with their own cyber security and data management policies.
    
To increase supply chain resiliency, hospital leaders should insist that their suppliers have simple but standard processes in place, such as having multi-factor authentication (MFA) as standard and not as an exception.
    
Ensure that any new suppliers complete an information security questionnaire which will allow healthcare organisations to understand and enforce best practices when it comes to cybersecurity measures.
    
Create new contingency plans that address serious, long-term disruptions, such as forming coalitions with other hospitals to ensure they can share scarce resources (as appropriate).
    
Automate and update enterprise resource planning (ERP) and materials management information systems (MMIS). While healthcare was initially a leader in implementing ERP and MMIS, the industry has fallen far behind other industries when it comes to supply chain management. Many hospitals haven’t upgraded their systems or transitioned to automated processes. Doing so will enable easier tracking and analysis of data; for example, data related to inventory will allow for a much quicker response to shortages, using fewer resources to remedy them.
    
Implement AI-based analytics and demand forecasting that incorporate supply chain disruption into their algorithms. A February 2020 survey of 100 hospital and supply chain leaders by Sage Growth Partners indicates there is a significant need for hospitals to adopt these technologies. Only 12 per cent of survey respondents said they use AI or predictive analytics to optimise the supply chain. AI and demand forecasting technologies will help ensure that hospitals have enough critical supplies and devices during the next significant supply chain disruption.
    
In addition to securing their supply chain, healthcare organisations must also increase their vigilance and implement extra cybersecurity measures if they wish to remain one step ahead of the continual threats from cyber-attackers.

Further steps to prevent cyber attacks
The 2022 Data Breach Investigations Report found that 82 per cent of breaches involved a human element. Whether that is the result of using poor credentials, a lack of good network management or education among staff, below are the key steps healthcare trusts can take to better protect themselves against any impending cyber-attacks:

Increase network visibility
With numerous devices accessing any one network, together with the boom in the Internet of Medical Things (IoMT), it’s crucial for organisations to have clear visibility of what is connected, from where and by whom. Currently, many connected devices are largely unmanaged, and healthcare staff don’t have enough visibility of what these pieces of equipment are doing in real time. Understanding how these devices are communicating with the network is paramount to ensuring the security of any device and minimising the chance of an attack.

Proper access management
Access to data, systems and services needs to be protected, which often involves restricting employees only to the information they need to do their job, and always having some level of verification in place for every user. As a result, it’s imperative for an organisation to consider how it establishes identity and to incorporate appropriate methods that will establish and prove the identity of users, devices, or systems, making it increasingly hard for attackers to pretend to be legitimate. Identity and access management policies should be put into operation to account for who has access and under what circumstances.

Continuous staff training
The people employed by an organisation need to be front and centre of every cybersecurity strategy. As they’re often on the frontline of patient care and safety, they are well positioned to be one of the most effective resources in preventing incidents or detecting when one has occurred. However, this is only possible if they are properly educated on the potential cybersecurity risks and vulnerabilities, and trained in how to reduce these as well as respond in the event of an emergency.
    
To better guard themselves against the ongoing attacks from cybercriminal gangs, the healthcare sector needs to take steps to defend itself from the outside by ensuring robust supply chain security, but also from the inside. This entails proper cybersecurity management, access, and training of staff on how to detect, minimise and react to breaches. However, doing this will require better tools to enhance visibility of networks, monitor access and risks, and mobilise staff through ongoing training to keep them one step ahead of these ever-changing cyber-attacks.

Phil Howe is the chief technology officer (CTO), appointed 2020, at Core to Cloud. Phil is a highly experienced, multi-skilled senior IT manager with a hands-on understanding of building new technologies inside significant and critical IT infrastructures, having spent over 18 years working in the NHS. Before joining Core to Cloud, Phil was an IT specialist for Ehealth at NHS Dumfries & Galloway and later joined the Bolton NHS Foundation Trust as a senior system & network technician and was appointed as deputy chief technology officer. Here he oversaw the third line and projects team, responsible for technical strategy and programme management, planning, funding, and delivering major IT projects and systems to support IT security and patient care delivery in a large and complex organisation.
    
Phil also has extensive experience working in the private sector, where he worked as a senior technical project expert and engineer with Northgate Information Solutions for almost four years. As a member of the Core to Cloud team, he will now assist the company in expanding and progressing to the next stage of its rapid development.