Since its launch in 1948, the NHS has grown to become the largest publically funded health service in the world. It was born out of the ideal that good healthcare should be available to all.
For the first time, hospitals, doctors, nurses, pharmacists, opticians and dentists were brought together under one umbrella to provide services for free at the point of delivery.
In these 70 years the NHS has gone through monumental changes. The NHS has delivered huge medical advances and improvements to public health, from dramatically reducing diseases such as polio and diphtheria, to pioneering new treatments including the world’s first liver, heart and lung transplant.
As technology has advanced over the years the battles this institution has to fight have expanded from patient care and budgets and into the digital realm. As our world becomes more and more connected, it’s not just patients’ physical welfare the NHS has to protect, but their digital welfare too. As the NHS digitises its processes to provide more effective and efficient treatment for patients, its digital footprint is growing exponentially. And as witnessed in recent years, the data it now holds on patients is a lucrative bounty for cyber-criminals.
Last year the NHS infamously came under attack from the WannaCry ransomware that infected computers and spread laterally throughout its network. In light of WannaCry, cybersecurity was catapulted to the top of the agenda and in response to the attack the NHS announced it was spending £150 million over three years to bolster its defences against the growth of threats and cyber-attacks.
At the time, Health and Social Care Secretary, Jeremy Hunt said: “We know cyber-attacks are a growing threat, so it is vital our health and care organisations have secure systems which patients trust.”
Worldwide, spending on cyber-security has been increasing, but so too has the number of successful breaches. It has been reported that £60 million will be spent on upgrading the NHS’ firewalls, network infrastructures and other critical infrastructure weaknesses. However, with the root cause of over 80 percent of data breaches being because of the misuse of credentials, is a more modern strategy needed to improve defenses and prevent breaches in the future?
Patients and NHS staff both require a service that is secure, easy to use and doesn’t get in the way of patient care or treatment. Incorporating lengthy or ineffective security measures such as numerous password prompts can adversely affect user experience and impact how staff perform their roles.
In the healthcare industry in particular, any disruption can mean the difference between life and death. Over the next 70 years, the NHS will continue to be a prime target for attackers due to the nature of the data it holds. So it’s crucial to get cyber-security right now, starting at the identity layer will make the largest impact, fastest.
The future of cyber-security in the healthcare sector
To keep its patients, doctors and computing systems safe, secure, and working efficiently, the NHS needs to tear down silos of security information (across the network, endpoints, and identity management) and take a holistic approach to the entire threat landscape.
Advanced technologies such as adaptive authentication, access governance, automated penentration testing and security risk analytics, can prevent, detect, and respond to attacks to keep data safe. A well-thought out strategy takes a new approach to establish and sustain the digital identities of employees and partners while providing the least amount of disruption to secure the organisation.
Beyond this, bringing automation to identity security is another crucial step in the war against cyber-criminals, state sponsored attackers, and malicious insiders, where network, endpoint security, identity and access are no longer separated.
Such identity and security automation solutions allow security teams to visualise and prioritise threats, and use automated responses to mitigate risks as they are detected. Technology alone is never the sole solution, and staff need to understand the importance of their patients’ data. But time and resource are precious in the NHS and these steps can dramatically improve security posture and user experience for high-target enterprises so that saving lives for the next 70 years can remain its priority.
Contributed by James Romer, chief security architect for SecureAuth + Core Security.
This article originally appeared on SC Magazine UK on July 27, 2018