Health Service Focus

12.11.18

The need for cyber resilience in healthcare

Source: Advertisement feature

Dirk Schrader, VP security at Greenbone Networks and certified information security manager, discusses the need for sustainable cyber resilience and how healthcare organisations can achieve such a state for their own information processes and data processing systems and assets.

Keep a hospital in operation has a lot to do with keeping IT-based systems and processes working. If the PAS isn’t available to admit a patient, the PACS cannot retrieve a required X-ray, or the ICU system monitoring patients is affected, and the core functions of a hospital are severely hampered.

Do you remember May 2017 when WannaCry hit, and its coverage in the media made it one of the most discussed cyber-attacks ever? Patients were asked to stay at home and not to come in for a necessary treatment. Since then, the world has seen many other examples of attacks against IT-infrastructure and data in the health sector, like in Norway, Singapore, Germany and Australia. That more events like Wannacry will be seen in future seems inevitable.

Changing information security paradigms

One reason we will see more cyber breaches is that the paradigm for information security in the health sector is still focused on the attacker instead of considering one’s own cyber security posture. That seems particularly odd in a sector where health promotion, “the process of enabling people to increase control over, and to improve, their health,” is an element of the WHO charter aiming at increasing people’s resilience to health issues.

In the cyber world there is a similar way to increase the resilience of a given IT-infrastructure, and IT-based processes. Cyber resilience is achieved when you successfully address the core elements of a cyber-attack. Any cyber-attack needs three elements to be successful:

  • The capability of an attacker to carry out the attack;
  • The reachability of the target for the attacker;
  • A vulnerability the attacker can exploit.

For the first element, no one can stop a cyber-criminal from learning new methods to attack or from developing new attack schemes to expand his or her capabilities. We should also use the internet to keep ourselves up-to-date about those new techniques and attack vectors.

Old fashioned, standard approach

Related to reachability, current cyber defence strategies in the health sector focus on using available technologies to monitor, police, and block the reachability of a targeted system from the outside in an attempt to stop an attack while it is happening. This strategy is attack-oriented only. It tries to detect an attack while it is happening, and to deter an attacker by increasing the cost of an attack using a somewhat bigger defence technology, thus creating a bigger wall to breakthrough.

Attackers evade those reactive mechanisms using numerous techniques and aim at the vulnerabilities within the target’s IT infrastructure. Symantec’s research states that in the last four years, about 1.5bn new variants of malware have been generated in exploit kits used by attackers. The other interesting fact is that these exploit-kits target approximately 800 vulnerabilities, the third element of the list above.

The resilience leverages

Existing vulnerabilities in a given IT infrastructure (and there is not a single one without them) form an attack surface that can be exploited. The smaller that surface is, the longer an attacker has to spend to try to break your cyber security, making other, easier targets more attractive. Managing IT-related vulnerabilities reduces the attack surface and increases the resilience of the infrastructure and also the cyber resilience of a hospital’s processes.

Managing vulnerabilities in a process-oriented, asset-ware manner reduces the risk related to digital assets in your infrastructure.

For more details about sustainable cyber resilience in health sector, please check out our White Paper: greenbone.net/en/whitepaper/health

For more information:

E: health@resilience.greenbone.net

W: www.greenbone.net/en/

Tw: @GreenboneEN

 

Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

HEE to invest £10m to expand the NHS & care workforce

08/07/2020HEE to invest £10m to expand the NHS & care workforce

Health Education England (HEE) has announced it will invest £10m in funding to help support the growth of the clinical workforce, with the ... more >
RCGP calls for less arduous regulation, more trust in GPs

08/07/2020RCGP calls for less arduous regulation, more trust in GPs

A new report published by the Royal College of GPs calls for a permanent reduction in bureaucracy and red tape in the post-coronavirus period, al... more >
NHS Open Space preparing to return to normal service

08/07/2020NHS Open Space preparing to return to normal service

As part of efforts to return to normal service post-lockdown, efforts are being made to make many NHS Open Space rooms available to book once aga... more >

editor's comment

26/06/2020Adapting and Innovating

Matt Roberts, National Health Executive Editorial Lead. NHE May/June 2020 Edition We’ve been through so much as a health sector and a society in recent months with coronavirus and nothing can take away from the loss and difficulties that we’ve faced but it vital we also don’t disregard the amazing efforts we’v... read more >

last word

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad: ‘We all have a role to play in getting innovations quicker’

Haseeb Ahmad, president of the Association of the British Pharmaceutical Industry (ABPI), sits down with National Health Executive as part of our Last Word Q&A series. Would you talk us th... more > more last word articles >

the scalpel's daily blog

NHS at 72: Managing mental health services going forward

03/07/2020NHS at 72: Managing mental health services going forward

Sean Duggan, Chief Executive of the Mental Health Network Let’s take this opportunity to reflect on the amazing achievements of our health system over the past few months. But as we recognise the best of the NHS and its response to the Covid-19 crisis we must not forget that for mental health the peak has yet to come. Covid-19 has placed enormous pressure on the entire health and care system. Despite the very real hardships f... more >
read more blog posts from 'the scalpel' >

comment

NHS England dementia director prescribes rugby for mental health and dementia patients

23/09/2019NHS England dementia director prescribes rugby for mental health and dementia patients

Reason to celebrate as NHS says watching rugby can be good for your mental health and wellbeing. As the best rugby players in the world repr... more >
Peter Kyle MP: It’s time to say thank you this Public Service Day

21/06/2019Peter Kyle MP: It’s time to say thank you this Public Service Day

Taking time to say thank you is one of the hidden pillars of a society. Being on the receiving end of some “thanks” can make communit... more >
Nurses named as least-appreciated public sector workers

13/06/2019Nurses named as least-appreciated public sector workers

Nurses have been named as the most under-appreciated public sector professionals as new research reveals how shockingly under-vauled our NHS, edu... more >
Creating the Cardigan integrated care centre

10/06/2019Creating the Cardigan integrated care centre

Peter Skitt, county director and commissioner for Ceredigion Hywel Dda University Health Board, looks ahead to the new integrated care centre bei... more >
Helpforce to launch training programmes for NHS volunteers

10/06/2019Helpforce to launch training programmes for NHS volunteers

Kay Fawcett OBE, clinical advisor and education lead at Helpforce, and Lynn Twinn, talent development consultant, outline the new national traini... more >

interviews

Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

24/10/2019Matt Hancock says GP recruitment is on the rise to support ‘bedrock of the NHS’

Today, speaking at the Royal College of General Practitioners (RCGP) annual conference, Matt Hancock highlighted what he believes to be the three... more >
NHS dreams come true for Teesside domestic

17/09/2019NHS dreams come true for Teesside domestic

Over 20 years ago, a Teesside hospital cleaner put down her mop and took steps towards her midwifery dreams. Lisa Payne has been delivering ... more >
How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

24/10/2018How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

A dedicated national social care service could be a potential solution to surging demand burdening acute health providers over the winter months,... more >
RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

24/10/2018RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

The president of the Royal College of Physicians (RCP) has told NHE that the college’s new headquarters based in Liverpool will become a hu... more >
Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >