The growing digitisation of patient records and clinical systems has transformed healthcare in recent years and allowed clinics, hospitals and GP surgeries to dramatically improve the quality of care that is available across the UK and Ireland. That same transformation has delivered increased connectivity and information systems that unfortunately, bring with them an increased level of cyber risk.
Information Security really comes down to three key components which are; Confidentiality, Integrity and Availability (Often called the CIA Triad). The emphasis on a single one of these components can often be greater for some organisations than others. For example, a company providing Legal services may reasonably be more concerned with Confidentiality and Integrity than Availability, whilst e-commerce retailers are likely to focus heavily on Availability so that they can minimise disruption and maximise revenues.
Healthcare however, plays a much more critical role in all of our lives, and the loss of any one of those three components can have catastrophic, and potentially life threatening results. We witnessed this back in 2017 as WannaCry disrupted NHS services across the UK, delaying treatments and procedures which rippled through society causing significant delays and prolonged discomfort for patients.
We now see more of the same, however in the fall-out of the COVID-19 pandemic, Health Care services are already strained and therefore we can expect to see even higher impacts of a Ransomware attack such as this. Sadly, according to the trend we see and the now apparent vulnerability of the organisations that are targeted, we expect these attacks to increase in frequency.
In the coming weeks, we will undoubtedly learn more about the attack, how it entered and travelled through the network, as well as the damage it has done to the delivery of Health Care in Ireland. In the meantime, as Winston Churchill once said, “Never waste a good crisis”. This is a stark reminder of the impact Ransomware can have, not only within an organisation, but across an entire sector and nation.
It is important that all organisations take the time to ensure they have considered the controls it has in place to prevent, detect, and respond to Cyber Attacks. Understand not only how resilient your organisation is to Cyber Attack, but how effective you are at executing that response, and finally, how prepared your organisation is to manage such a disruptive attack.
QinetiQ provide managed services, cyber exercising and architecture services to some of the UK’s most secure environments and security conscious organisations. To understand how we can help your organisation prepare and plan for event such as these, please contact us at firstname.lastname@example.org.