Monday 15th May. Within hours of publishing our thought piece on the clear and present threat posed to the NHS by the increasing frequency and intensity of cyber attacks, news began to break of the ransomware outbreak affecting a significant number of healthcare providers in the UK. Although the attack has now been recognised as a global cybercrime, hitting organisations ranging from Nissan to the Russian rail network, the impact on the National Health Service has been the most serious. IT systems were shut down, ambulances were redirected from some A and E departments and uncertainty remains regarding planned GP and hospital appointments.
Details of the vulnerability the attack exploited have been well documented. Legacy operating systems, specifically Microsoft XP and something called Server Message Block (a protocol for sharing files across a network) emerged as a key part of the problem. But what guidance can be given to NHS and other organisations who are still currently suffering or perhaps narrowly avoided the consequences?
Responding to Friday’s cyber attack
In this instance, the first and most important thing was to immediately deploy the security update associated with Microsoft Security Bulletin MS17-010. Many clients I spoke with over the weekend have done this already or are doing so since Microsoft took the unprecedented move to release this patch for previously unsupported systems. More broadly, NHS Digital is working closely with the National Cyber Security Centre, the Department of Health and NHS England to support affected organisations and ensure patient safety is protected. Their focus is on supporting organisations to manage the incident 'swiftly and decisively' and they have updated their guidance on how to protect against cyber attacks. With specific detail on reconnecting networks and patching systems as a result of this weekend's events.
Understanding the complexities of IT within the NHS
However, these specific guidance and software updates are only part of the solution. The complexity of IT within the health economy is staggering. Most NHS organisations own and manage the majority of systems within their environment having their own policies and schedules for maintenance and upgrades. But some systems are managed by third party application vendors or medical devices companies who operate their own policies and schedules. The result is often an ecosystem of dependent systems within an organisation and because many organisations share the same applications, an interorganisational dependency too. Perhaps a lack of funding or the perception that resources should be prioritised on clinically focussed outcomes are all possible reasons why there is no simple solution.
“We can’t afford to partner with people who can’t deliver, because our reputation and people's lives are on the line.”
Philippa Graves, CIO, Luton and Dunstable University Hospital
What has struck me, and many of our customers I’ve spoken to, is the way in which our operations team reacted to the unfolding situation over the weekend. They demonstrated the value of true partnership, going above and beyond to support our clients at the time they needed it most. But importantly, our team dealt with it as business as usual, demonstrating again that we're a safe pair of hands for the workloads that clients value the most.
We utilised our proven Security Operations Centre (SOC) services with SIEM capability for real-time analytics and were able to provide ongoing guidance to organisation stakeholders at relevant times. We have advanced layer 7 inspection services enabling us to discover and protect against next generation threats on the edge or within a client's own network. Partnered with our leading Intrusion Detection and Prevention services, we're able to understand and cover emerging attacks and mitigate risk and impact. But to define a solution, we first must understand the requirement.
How we can help identify and deliver security for your organisation
An organisation's understanding of risk and approach to security must now be placed at the top of any list of tech priorities.
As an ecosystem of healthcare providers and partners, we should not allow events like this weekend to happen again, which is why OCSL is working closely with Microsoft and Intel in the UK to conduct a Healthcare Security Readiness Programme. Aimed at helping Trusts understand where they stand in terms of maturity, priorities and breach security capabilities. This fully funded assessment is a great opportunity to take a step back and review the landscape.
Following this, our Security Assessment, which is part of our proven Enablement Framework give you a clear understanding and approach to protecting and securing your environment in the short and long term. It details how your services are configured against threat vulnerabilities and reviews how your applications and data are protected. Complex security requirements become clearly defined actions and outcomes. Providing a clear picture of what’s possible and how to remain safe and compliant.
If you want a fresh perspective and a better answer, please contact us to book an initial discovery call leading to a fully funded, onsite workshop.