In September we reported about a cyberattack on an NHS supplier, resulting in some doctors having to use pen and paper to take patient notes. It was also alarming to find they had no access to patient files! This example demonstrates how weaknesses in a supply chain can have far-reaching consequences.
We’ve just heard about a plan, issued by the government, to promote cyber resilience across the health and care sectors by 2030 using five key pillars:
- identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function.
- uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimising disruption.
- building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognised, and relevant cyber basics training is offered to the general workforce.
- embedding security into the framework of emerging technology to better protect it against cyber threat.
- supporting every health and care organisation to minimise the impact and recovery time of a cyber incident.
It’s highly regrettable that the NHS needs to divert vital resources to fighting cybercrime, but this illustrates the scale of the problem. Cybercriminals do not care who they hit – health, education – everyone is a target. They will seek out weak systems and infiltrate wherever possible, holding organisations to ransom and causing mayhem as they go.
Issues within the NHS represent how our reliance on technology both improves our lives but also increases our vulnerabilities. As the NHS embraces digital transformations that help to provide a more efficient and economical service, so there are more potential entry points for the hackers.
If the hackers will hit the NHS and endanger patients’ lives, they will come after your business as well. Be prepared! Make sure you have thorough cyber security and cyber resilience in place to deal with any threats that could be coming your way. You won’t need a plan as thorough as the NHS and it certainly won’t take you until 2030 to implement, but the fight is an ongoing one. Whatever the measures you take to protect your business they need to be long-term, robust and adaptable.
Not sure how to keep your business safe? Ask us for help with cyber security and resilience planning.