Health Service Focus

12.11.18

The need for cyber resilience in healthcare

Source: Advertisement feature

Dirk Schrader, VP security at Greenbone Networks and certified information security manager, discusses the need for sustainable cyber resilience and how healthcare organisations can achieve such a state for their own information processes and data processing systems and assets.

Keep a hospital in operation has a lot to do with keeping IT-based systems and processes working. If the PAS isn’t available to admit a patient, the PACS cannot retrieve a required X-ray, or the ICU system monitoring patients is affected, and the core functions of a hospital are severely hampered.

Do you remember May 2017 when WannaCry hit, and its coverage in the media made it one of the most discussed cyber-attacks ever? Patients were asked to stay at home and not to come in for a necessary treatment. Since then, the world has seen many other examples of attacks against IT-infrastructure and data in the health sector, like in Norway, Singapore, Germany and Australia. That more events like Wannacry will be seen in future seems inevitable.

Changing information security paradigms

One reason we will see more cyber breaches is that the paradigm for information security in the health sector is still focused on the attacker instead of considering one’s own cyber security posture. That seems particularly odd in a sector where health promotion, “the process of enabling people to increase control over, and to improve, their health,” is an element of the WHO charter aiming at increasing people’s resilience to health issues.

In the cyber world there is a similar way to increase the resilience of a given IT-infrastructure, and IT-based processes. Cyber resilience is achieved when you successfully address the core elements of a cyber-attack. Any cyber-attack needs three elements to be successful:

  • The capability of an attacker to carry out the attack;
  • The reachability of the target for the attacker;
  • A vulnerability the attacker can exploit.

For the first element, no one can stop a cyber-criminal from learning new methods to attack or from developing new attack schemes to expand his or her capabilities. We should also use the internet to keep ourselves up-to-date about those new techniques and attack vectors.

Old fashioned, standard approach

Related to reachability, current cyber defence strategies in the health sector focus on using available technologies to monitor, police, and block the reachability of a targeted system from the outside in an attempt to stop an attack while it is happening. This strategy is attack-oriented only. It tries to detect an attack while it is happening, and to deter an attacker by increasing the cost of an attack using a somewhat bigger defence technology, thus creating a bigger wall to breakthrough.

Attackers evade those reactive mechanisms using numerous techniques and aim at the vulnerabilities within the target’s IT infrastructure. Symantec’s research states that in the last four years, about 1.5bn new variants of malware have been generated in exploit kits used by attackers. The other interesting fact is that these exploit-kits target approximately 800 vulnerabilities, the third element of the list above.

The resilience leverages

Existing vulnerabilities in a given IT infrastructure (and there is not a single one without them) form an attack surface that can be exploited. The smaller that surface is, the longer an attacker has to spend to try to break your cyber security, making other, easier targets more attractive. Managing IT-related vulnerabilities reduces the attack surface and increases the resilience of the infrastructure and also the cyber resilience of a hospital’s processes.

Managing vulnerabilities in a process-oriented, asset-ware manner reduces the risk related to digital assets in your infrastructure.

For more details about sustainable cyber resilience in health sector, please check out our White Paper: greenbone.net/en/whitepaper/health

For more information:

E: health@resilience.greenbone.net

W: www.greenbone.net/en/

Tw: @GreenboneEN

 

Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!

Comments

There are no comments. Why not be the first?

Add your comment

 

national health executive tv

more videos >

latest healthcare news

Private mental health group The Priory fined £300,000 over death of 14-year-old girl

17/04/2019Private mental health group The Priory fined £300,000 over death of 14-year-old girl

Private mental health group The Priory healthcare group has been fined £300,000 for breaching health and safety laws following the death of... more >
Routine breech scans could lower mother and baby mortality rates and save NHS money, researchers say

17/04/2019Routine breech scans could lower mother and baby mortality rates and save NHS money, researchers say

Scanning mothers-to-be late in their pregnancy could prevent 15,000 unexpected breech births, 4,000 emergency C-sections, and the deaths of up to... more >
City council rejoins ICS after reforms agreed in privatisation and accountability row

17/04/2019City council rejoins ICS after reforms agreed in privatisation and accountability row

Nottingham City Council is to rejoin its local NHS integrated care system (ICS) after significant reforms were made to the way the system runs in... more >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital e... read more >

last word

Hard to be optimistic

Hard to be optimistic

Rachel Power, chief executive of the Patients Association, warns that we must be realistic about the very real effects of continued underfunding across the health service. It’s now bey... more > more last word articles >

681 149x260 NHE Subscribe button

the scalpel's daily blog

Our Health Heroes

16/04/2019Our Health Heroes

Dean Royles, strategic workforce advisor at Skills for Health and co-author of ‘An Introduction to Human Resource Management,’ discusses the upcoming Our Health Heroes Awards. There are many metaphors to describe staff working in healthcare. Junior doctors have been described as the ‘backbone’ of the NHS, nurses are often referred to as ‘angels’, general practitioners as the ‘bedrock’ of t... more >
read more blog posts from 'the scalpel' >

comment

Turning blue lights green

11/04/2019Turning blue lights green

Polly Billington, director of UK100, a cities network that campaigns on environmental issues, argues that the NHS needs a national strategy for a... more >
Going back to school at Gloucestershire Hospitals NHS Foundation Trust

10/04/2019Going back to school at Gloucestershire Hospitals NHS Foundation Trust

Steve Hams, director of quality and chief nurse at Gloucestershire Hospitals NHS Foundation Trust (GHFT), demonstrates how cultural change has im... more >
How the new nursing associate role will break new ground

10/04/2019How the new nursing associate role will break new ground

Danny Mortimer, chief executive of NHS Employers, introduces us to the new nursing associate role, and how it’s set to complement the NHS L... more >
A smarter approach to tackling AMR

10/04/2019A smarter approach to tackling AMR

Antimicrobial resistance (AMR) is estimated to cause 700,000 deaths each year globally. This could rise to 10 million by 2050 if we do nothing. B... more >
Working together to improve volunteer impacts

10/04/2019Working together to improve volunteer impacts

Emma Easton, head of voluntary partnerships at NHS England, highlights the importance of volunteers in the health service and outlines the brilli... more >

interviews

How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

24/10/2018How can winter pressures be dealt with? Introduce a National Social Care Service, RCP president suggests

A dedicated national social care service could be a potential solution to surging demand burdening acute health providers over the winter months,... more >
RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

24/10/2018RCP president on new Liverpool college building: ‘This will be a hub for clinicians in the north’

The president of the Royal College of Physicians (RCP) has told NHE that the college’s new headquarters based in Liverpool will become a hu... more >
Duncan Selbie: A step on the journey to population health

24/01/2018Duncan Selbie: A step on the journey to population health

The NHS plays a part in the country’s wellness – but it’s far from being all that matters. Duncan Selbie, chief executive of Pu... more >
Cutting through the fake news

22/11/2017Cutting through the fake news

In an era of so-called ‘fake news’ growing alongside a renewed focus on reducing stigma around mental health, Paul Farmer, chief exec... more >
Tackling infection prevention locally

04/10/2017Tackling infection prevention locally

Dr Emma Burnett, a lecturer and researcher in infection prevention at the University of Dundee’s School of Nursing and Midwifery and a boar... more >