Cyber Security artist impression image

Understanding NHS cyber risks of remote working during Covid-19

When the Covid-19 pandemic hit the UK and sent the country into lockdown in March last year, it catalysed a huge disruption of regular working patterns. People, including health and care workers, were forced to stay at home, many working remotely for the first time. Although some industries and organisations had systems in place to support remote working whilst maintaining the privacy and security of their employees and data, the majority were not adequately prepared for the enforcement of this digital revolution.

This included the NHS. Many services were put on hold as the health service diverted its attentions towards combatting the virus. Thousands of non-Covid related consultations were now taken remotely in order to minimise the risk of transmission and to enable staff to keep working without going into work. This, however, required NHS staff to access clinical software systems from their home devices, which are more vulnerable to cyber attack.

Threats of remote working

Using a multitude of devices across different locations makes it easier for brute force password spraying attacks to go undetected, putting sensitive data at risk. It also increases the likelihood that users do not receive the regular reminders to change their passwords when they are about to expire. This can lead to login issues or to users keeping passwords for longer than advised, making the service more susceptible to password breaches. Remote password resets are also one of the most burdensome and risk prone problems for service desks, with studies showing up to 50% of support calls relate to password resets.

Lori Osterholm, CTO of Specops Software, commented on the cyber security risks exacerbated by the pandemic: “The current crisis means that organisations are more vulnerable than ever to cyber-attacks. Hackers are taking advantage of the situation and hoping that organisations will let down their guard when monitoring and patching their systems for vulnerabilities. Hackers are also using the stress regular users are feeling and crafting phishing scams to exploit the current situation. Protecting your organisation from weak and leaked passwords has never been more important.”

As a result of this, the NHS released guidance on keeping safe and secure whilst working from home, which included advice on managing passwords. It warned users to be alert for malicious emails regarding NHS login credentials, for instance those asking users to ‘renew’ their passwords, as well as recommending users to put password protections on confidential documents. This followed advice by the National Cyber Security Centre (NCSC) released to organisations and management on how to prepare their staff for safe home working.

IT worker using a laptop from home

Password Protection

A key takeaway from both these advisories was the need for strong passwords on user accounts. In order to ensure these are met, the advisories suggest they are managed by strong, institutionally-mandated frameworks in order to take the pressure off the individual of creating an appropriately secure password. This is particularly important during a critical, high-stress transitional time for staff members, where data security is of the utmost importance.

The NCSC also highlighted how the stress and disruption to workflows instigated by the pandemic did not leave much time for staff to get to grips with new technologies, so any security applications put in place must be easy to set up and use – resulting in quick time to value. Given the laborious alternative of a manual remote password reset needed when an end user lets their password expire, having a comprehensive password management system is crucial.

This is where programmes such as Specops Software’s uReset have come to the fore. The management service enables users to address a wide range of password related tasks, from password changes to dealing with account lockouts all while providing users with clear password policy feedback, including password change failure due to breached password use. It provides secure self-service password resets with a range of multi-factor authentication (MFA) avenues. Crucially, the platform is adaptable to the needs of the client, to ensure resets can be executed with minimal hassle to the end user.

Unlike OOTB options, the service facilitates remote password resets regardless of location or device, minimising pressure on IT help desks. A core part of this is the automatic update of locally cached credentials. uReset is natively integrated into Active Directory meaning it automatically updates blocked password options and stores password data directly within the AD to minimise security risks.

Eric Tanner, Service Desk Manager at the Medical College of Wisconsin, who have been using uReset since 2016, commented on how the solution’s ease of use benefited their end users: “We had Specops uReset installed in about 30 minutes and it was launched at the same time we introduced the new password complexity requirements, resulting in a very low number of password reset calls to the service desk during that time. But most importantly the system has proven to be super end user friendly, especially around authentication… Our users get it, it’s quick, and secure.”

How Specops is Helping the Healthcare Industry

Specops Software is the leading provider of password management and authentication tools. Working with several NHS Trusts to help protect them against cyber security threats, their password management services ensure healthcare organisations can keep working safely and securely, even with the added strain of the Covid-19 pandemic and the associated vulnerabilities of a country-wide transition to remote working.

Specops is currently offering a free trial of its uReset platform to interested healthcare agencies in order to support the continuation of secure, patient-driven care.

By Sophie Porter – Health Tech Writer

NHE September / October 2024

NHE September / October 2024

Join the conversation shaping the future of healthcare.

Click below to read more!

More articles...

View all
Online Conference

Presenting

2024 Online Conferences

In partnership with our community of health sector leaders responsible for delivering the UK's health strategy across the NHS and the wider health sector, we’ve devised a collaborative calendar of conferences and events for industry leaders to listen, learn and collaborate through engaging and immersive conversation. 

All our conferences are CPD accredited, which means you can gain points to advance your career by attending our online conferences. Also, the contents are available on demand so you can re-watch at your convenience.

National Health Executive Podcast

Listen to industry leaders on everything within healthcare

Whether it's the latest advancements in medical technology, healthcare policies, patient care innovations, or the challenges facing healthcare providers, we cover it all.

 

Join us as we engage with top healthcare professionals, industry leaders, and policy experts to bring you insightful conversations that matter.