The real diagnosis for the health of NHS cybersecurity

In light of mounting pressure on the healthcare industry to address security vulnerabilities, paired with mixed reports on its success so far, Infoblox and Veracode comment on the real state of cybersecurity in healthcare.

In recent news from overseas, the FDA has warned Americans that hackers could compromise insulin pumps by connecting to them via Wi-Fi.

A 2017 study from the Technology and Health Care journal found that the US healthcare industry doesn’t keep up with new cybersecurity precautions. This is despite a 2018 study from the medical journal Maturitas finding that medical devices — including insulin pumps and pacemakers — are highly vulnerable to cybercrime.

In contrast, a study from Infoblox found that in the UK, the number of security policies in place for new connected devices has increased from 85% to 89%, with fewer respondents doubting the effectiveness of these policies (9% in 2019, compared with 13% in 2017).

This signals a big step forward for the UK, particularly after the disaster that was WannaCry two years ago, and shows that the US could have something to learn from how the UK healthcare system has addressed security vulnerabilities.

In saying that, the NHS still has a way to go to modernise its infrastructure, as noted in another recent report raising concerns about the possibility of another WannaCry scale attack.

Interestingly, despite ongoing concerns, a Veracode study found that globally, the healthcare sector is the fastest industry when it comes to addressing common vulnerabilities found in software.

The global report found healthcare organisations took only six days to address a quarter of their vulnerabilities in code and just seven months (216 days) to remediate the majority (75%) of vulnerabilities. That’s almost eight months faster than the average organisation, which takes 15 months (472 days) to fix 75% of its vulnerabilities.

Rob Bolton, director of Western Europe at Infoblox, commented, “The widespread disruption caused by the WannaCry attack on the NHS two years ago was a wake-up call to healthcare providers everywhere.

“We can expect the risk of such attacks to continue to grow as technology is more widely adopted. It’s encouraging, therefore, to see more spending on cybersecurity provision, and a more sensible approach to managing the connected devices that have become increasingly crucial to the efficient delivery of care.

“By taking such precautions, healthcare IT providers are right to be more confident about their ability to tackle threats to their network. They mustn’t become complacent, though, and must continue to think strategically about ensuring the security of their networks and – most importantly – the safety of their patients.”

Paul Farrington, EMEA chief technology officer at Veracode, added, “Healthcare organisations are remediating at the most rapid rate at every interval compared to their peers.

“It takes just a little over seven months for healthcare organisations to reach the final quartile of open vulnerabilities, about eight months sooner than it takes the average organisation to reach the same landmark. 

“It shows remarkable resilience for an industry which was heavily targeted and badly damaged during the WannaCry ransomware attack two years ago.

“However, millions of cyber-attacks are aimed at the healthcare sector each day, seeking any weak spot. Using code that is secure from the start can help healthcare reduce security risk further.” 
