Cyberattacks among UK healthcare facilities are only increasing, with many systems being outdated and lacking proper security. Here, Dirk Schrader, VP of Security Research at Netwrix, speaks to us about how organisations in this space can utilise the cloud, protecting themselves against criminals.
Cyberattacks against the UK’s public infrastructure are an ongoing problem, with healthcare cited as the eighth most targeted sector by cybercriminals, according to reports. In August 2022, the NHS confirmed that hackers had stolen data from its digital systems via a ransomware attack. This attack led to major disruptions across multiple NHS services including emergency prescription services and the 111 non-emergency advice line. Most notably, the Adastra patient management system was also affected – a non-emergency ambulance dispatch service which helps doctors to access patient records and carries the private medical information of nearly 40 million UK patients.
Without effective change, further incidents are likely to reoccur. Therefore, leaders within the sector should be increasingly concerned about – and looking to mitigate – account compromises and other forms of cyberattacks targeting their networks.
Recent trends in the cloud security landscape
According to findings from a recent Netwrix Cloud Data Security Report, 73% of healthcare organisations and medical facilities store their sensitive data within the cloud. The most common type of data stored by these organisations is patient or protected health information (45%). Moreover, healthcare organisations plan to increase the share of their workload in the cloud from 38% to 54% by the end of 2023.
Regarding cyberattack trends, the report found that 61% of healthcare and medical facilities suffered at least one cyberattack against their cloud infrastructure within the last year – a rate that is expected to increase overtime. Yet only 14% of healthcare respondents that had experienced a cyberattack claimed it had no impact on their organisation. The rest faced additional expenses, like ones to cover security gaps or compliance fines.
The most common cyberattacks healthcare facilities faced against their cloud infrastructures were phishing, ransomware and account compromises. The last type of attack seemed to be one of the most challenging to detect, as 20% of organisations needed days and 7% needed weeks to spot this malicious activity.
As the initial vector of an attack, hackers typically use two main approaches. The first is by stealing an employee’s weak login credentials, such as a username and password, to access their target’s cloud infrastructure. The second is to convince a user to click on a seemingly genuine website link or email attachment, to deploy the malware. With this, sector leaders’ concerns surrounding cloud security are warranted, particularly when it comes to the cyber-hygiene practices used by external and third-party users. In fact, 48% of healthcare organisations consider contractors and partners with legitimate access to data in the cloud as their biggest security risk.
How healthcare organisations can protect the cloud
Nearly three-quarters of leaders (69%) throughout the healthcare sector see the cloud as a way to reduce costs, while 55% see it as a way to enhance their cybersecurity. Another 33% mention cloud adoption as a measure to enable remote and hybrid work capabilities. To mitigate the risks of emerging cyberthreats, some organisations have already taken steps towards improving their cloud security posture. As pre-emptive measures, 73% of healthcare facilities have chosen to use encryption, 66% have implemented Multi-Factor Authentication (MFA) solutions and 61% have enforced internal employee cybertraining.
However, it is important to consider the internal challenges healthcare organisations face which could contribute to the increasing rate of successful attacks and the length of time needed to detect them. Our findings revealed that understaffed IT or cybersecurity teams, lack of cloud security expertise and budget were cited as the three biggest challenges that healthcare and medical facilities have faced when reinforcing their cloud security.
As part of best practices, healthcare leaders should consider optimising their backups by ensuring that the most essential data can be quickly restored soon after an attack or data breach. This can include prioritising the Personally Identifiable Information (PII) of customers, employees and corporate financial information. Additionally, only files which were compromised in the event of a security breach should be restored. This will help to reduce the extent of necessary recovery efforts, reduce service disruptions and speed up the recovery process.
To achieve this, it is important to determine what data is essential and where exactly it resides within the cloud. Automated data classification solutions can provide full visibility into data storage and help focus efforts on what is most urgent – both in the cloud and on-premises. In fact, 64% of those surveyed plan to implement data classification as a cloud protection measure.
Last but not least, healthcare organisations should pay special attention to the Internet of Things (IoT) devices and systems. Those that have are usually poorly secured and left with default security configurations. Network segmentation will help prevent one compromised device from impacting the entire system. IT teams must also strictly limit who — both humans and machines — can access what data and systems according to the least-privilege principle and regularly review and right-size those access rights.
As the cloud security landscape continues to evolve, the cybersecurity measures utilised by
the healthcare sector should evolve along with it. With the data security of so many UK patients at risk, many medical and healthcare facilities are already taking proactive measures to enhance the foundation of their cloud security. This is an ongoing process and there is still much to be done before the sector can successfully thwart modern cloud security threats. Only restrictive access permissions, an effective recovery plan and widespread cybersecurity training – which follows current best practices – can the healthcare sector successfully defend against the risks targeting their cloud systems and digital networks.Click below to share this article