volume of cyber attacks<\/a> on critical infrastructure is on the increase. To prevent potentially catastrophic breaches like those we have witnessed across the NHS in recent years, officials must make funds readily available for critical infrastructure organisations like the NHS, to build cyber resilience and protect its citizens.<\/p>\nThe value of our health<\/h3>\n
There are various industries under particular threat from cybercriminals with nefarious agendas. Telecommunications is a core industry that criminals can use to gather and sort information that provides intelligence on individuals and organisations. Transport is critical infrastructure, but it\u2019s now rooted in IP (Internet Protocol) which lays out the location of vehicles, containers, delivery addresses and tracking systems among other sensitive information. This crosses over when you think about healthcare and the emergency services. Blue light services like ambulances are also at risk of being hacked and derailed if not protected properly but healthcare overall is essentially a high value data industry.<\/p>\n
Healthcare organisations handle extensive personal health information, comprising medical histories, lab results, and insurance details. This data is extremely sensitive, potentially embarrassing and holds significant value for cybercriminals. The risks are further amplified by the growing connectivity within healthcare systems, where patient data is shared across networks and accessed through various applications, including APIs (Application Programming Interfaces). Hence, protecting sensitive patient data is the top priority in the healthcare industry.<\/p>\n
Enabling digital and physical health<\/h3>\n
Maintaining confidentiality in healthcare involves ensuring the security and privacy of electronic data. To do this, NHS trusts need tools. However, with limited budgets in place this can be a challenge.<\/p>\n
In this situation, using technology that is multifaceted rather than solely focused on security offers the ability to monitor security but also document compliance, while providing visibility into performance and availability.<\/p>\n
Additionally, trusts would do well to collect the data that matters. Collecting reams of data with limited tools will only serve to overwhelm systems and professionals. The NHS should first determine its risk tolerance level and then seek to collate data from a minimum of six areas – Identity and Access Management, Audit and Accountability, Continuous Controls Monitoring, Configuration and Change Management, System Communications and Protection, and Incident Detection and Response. Minimising the data collected allows for better governance of that data.<\/p>\n
The use of forensics from previous attacks also provides an insight into the vulnerabilities of systems. Reviewing the details of past cyber breaches is a great way for organisations to examine their security posture to find gaps that need filling with tools, processes or people that can reinforce their cybersecurity strategies.<\/p>\n
Considering the vast amount of information contained in a single electronic health record, it’s no surprise that they continue to be a target for cybercriminals. Unfortunately, despite an organisation\u2019s risk posture, a cybersecurity event, to varying levels of severity, is inevitable. In those instances, properly collected event log data can provide visibility into the hackers\u2019 journey through infrastructure, networks, devices and software.<\/p>\n
While there are some preventable steps that healthcare organisations can take to protect their patients’ trust within critical infrastructures, ultimately the robustness of a cybersecurity posture depends on the intricacy of the policy, the depth of the strategy, and the accuracy of the tools implemented. The strategy is free, the implementation however, is priceless. Our new Labour government would do well to bear this in mind while considering the UK\u2019s digital future and its safety.<\/p>\n
\nRoss Brewer is VP and Managing Director EMEA at Graylog<\/a>.<\/strong><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"Managing patient care in a digital environment is a challenge to navigate for any health services. The need to store accurate patient healthcare records and share these electronically is undeniable. However, the ability for these systems to communicate across platforms while remaining secure is a bottleneck yet to be unplugged. <\/p>\n","protected":false},"author":159,"featured_media":5527,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[44,25],"tags":[],"acf":[],"_links":{"self":[{"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/posts\/5524"}],"collection":[{"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/users\/159"}],"replies":[{"embeddable":true,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/comments?post=5524"}],"version-history":[{"count":5,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/posts\/5524\/revisions"}],"predecessor-version":[{"id":5534,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/posts\/5524\/revisions\/5534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/media\/5527"}],"wp:attachment":[{"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/media?parent=5524"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/categories?post=5524"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/integratedcarejournal.com\/wp-json\/wp\/v2\/tags?post=5524"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}