4th Platform logo white

Guarding Britain’s Health: Strengthening Cybersecurity in the UK Healthcare Sector

Image of NHS Staff

This month (June 2024), NHS London fell victim to a brutal cyberattack, forcing administrators to cancel operations and transfer emergency patients to alternative centres immediately. Among the affected were some of the best-known hospitals in the country, including King’s College Hospital, Guy’s and St Thomas’, Evelina London Children’s Hospital, and the Royal Brompton.

However, this issue is not new. Back in 2020, the first death by ransomware was recorded in Düsseldorf. An attack paralysed the hospital’s systems, forcing it to halt all admissions to its A&E department. This led to staff frantically diverting inpatients to a city 19 miles away, proving fatal for one woman. Then, in August 2022, the UK’s NHS 111 service was taken offline by a severe cyberattack through its supply chain, via its service provider, Advanced, affecting 40 million people.

These incidents illustrate the gravity of ransomware attacks on the healthcare sector. In this blog, we will delve deeper into recent trends so your company can maintain agility in the face of ever-evolving and ruthless attacks.

The information for this blog was sourced using Thrive. You can read the full story here

Complex Supply Chain

Britain’s NHS delivers care to 68 million people and is one of the world’s largest employers, providing work to 1.7 million people. Despite its vast size, it was successfully breached earlier this month, causing significant disruptions, including six entire NHS trusts. Many GP practices spread across southeast London, serving 2 million Brits, were affected due to a breach in Synnovis, a private firm the NHS uses for blood test examinations.

A senior NHS source warned that it would take “many months” to resolve and that it is not yet clear “how the hackers gained access to the system, how many records have been affected, and whether these records are retrievable.” As a result, even an entity with the enormous infrastructure of the NHS has been forced to revert to paper records, where patients’ information is printed and blood samples are hand-delivered by porters.

In 2022, the NHS suffered a severe ransomware attack due to a violation of its Adastra software, operated by a third party. This ransomware attack not only caused financial disruption but also distress to patients in care homes whose data was sold.

Attacks continue. Earlier this year, in March 2024, NHS Dumfries & Galloway was hit by an attack that caused widespread distress and the release of confidential patient data. The implications and investigations of this attack are ongoing, and public concern continues.

Why is the UK Healthcare Sector So Vulnerable?

Martin Lee, Cisco’s UK-based security research lead, warns: “When healthcare systems and data are unavailable, lives are potentially at risk. This makes the sector a tempting target for criminals. Outages put pressure on management to pay off the attackers to restore availability quickly. However, paying the ransom means that these attacks remain profitable and ultimately only serve to encourage further attacks.”

According to a report by Cisco’s Talos threat intelligence division, healthcare providers were the most targeted by ransomware gangs last year. The report attributed this to these organisations having “underfunded budgets for cybersecurity and low downtime tolerance.”

The figures back this up, marking the third time that Synlab and Synnovis have been attacked, affecting pathology services across Europe. For instance, in June 2023, the ransomware gang Clop breached the French branch and stole data, while earlier this year, Synlab’s Italian subsidiary was hit by a separate ransomware group, Black Basta. The group gained access to around 1.5TB of data and published it in its entirety when no final ransom was paid.

A similar attack in 2020 targeted the Finnish mental health giant Vastaamo, where a copy of all data on the system was sent to the attacker. This included names, addresses, and notes from therapy sessions, making it devastating for the mental health of its victims. Vastaamo has now ceased trading.

Concerns over the potential escalation of these attacks were raised in Parliament in 2023. The increasing use of digital healthcare in the UK means more critical equipment and systems are connected to the internet, making them a potential target for cybercriminals. In a post-COVID world, the use of telemedicine is increasing. In 2023, the NHS began circulating information on ‘Connected Medical Devices’ cyber vulnerabilities to its staff. In February 2024, the World Economic Forum named the healthcare sector the biggest target for cybercrime due to the critical data it holds and the online devices controlling people’s lives.

How Has Unpreparedness for Attacks Affected the Healthcare Sector?

The desperate need to get back online is one of the reasons why 38% of healthcare organisations are reported to have paid a ransomware fee. A 2022 survey of 100 cybersecurity managers in the UK health sector found that 81% of healthcare organisations in the UK had been hit by ransomware in the previous year. Whilst 38% paid the ransom to regain their files, 44% refused to pay and lost their healthcare data. Close to two-thirds (64%) of respondents admitted their organisation had to cancel in-person appointments because of a cyber-attack.

Even unexpected sources can be vulnerable in the healthcare sector. The London Borough of Camden recently warned of a risk to personal data after one of their suppliers of beds, hoists, and grab rails was attacked. Computers attached to MRI machines, CT scanners, blood pressure, and heart-rate monitors are vulnerable and provide back doors into connected systems.

How Can You Protect Your Business?

These numerous and ruthless attacks serve as a stark reminder to have measures in place to prevent being caught off guard. The NHS experience illustrates how even large, well-resourced providers can be vulnerable to prolonged disruptions if proper security measures are not in place. The UK government has committed to a series of measures to support healthcare providers by 2030. In the meantime, businesses in the supply chain must take appropriate measures to keep defences high.

At 4th Platform, we are dedicated to helping organisations fortify their cybersecurity. By staying informed about the latest threats and implementing robust security protocols, we can collectively safeguard the UK’s healthcare sector from future attacks. Visit our Cybersecurity page for more information.

Scroll to Top