The UK’s National Health Service (NHS) is a regular target for hackers and cybercriminals. Holding medical records for nearly 60 million patients, NHS IT is a goldmine of valuable personal data. And attacking NHS systems has the potential to significantly disrupt healthcare in the UK – like the recent ransomware attack that took several key systems offline in Northern Ireland.
Because the NHS is heavily reliant on its IT systems, the UK government has outlined a new strategy for improving cybersecurity by the year 2030. There are five key ‘pillars’ to the strategy that will help to ensure improved IT resilience across the entire organization.
Pillar #1 – Prioritizing patient care
The first step towards NHS IT cyber resilience is to identify systems where disruption will have the greatest negative impact on patients. These could be systems from which patients’ personal information could be stolen or leaked, or systems which are necessary for providing critical care services. All future cybersecurity efforts must be built around the protection of patients and their health.
Pillar #2 – Improving collaboration
The NHS is split into several regional bodies called ‘trusts’. Although the NHS has common goals, each trust sets its own budget and strategy for meeting these targets – including IT security. Under the new cybersecurity plan, NHS trusts will be encouraged to work more closely together, pooling resources and expertise to enable faster responses to incidents and to minimize disruption.
Pillar #3 – More cybersecurity training
The NHS is developing its own ‘cyber workforce’ – IT security experts tasked with helping to develop and strengthen defenses against attackers. However, now that so many clinical tasks involve at least some IT, basic cyber security training will be provided to all employees to help raise overall standards across the organization.
Pillar #4 – Built-in cybersecurity
With many previous projects, security has been of secondary importance – NHS IT specialists have had to retrofit security defenses after a new system has already been rolled out. This approach is known to create problems and increase the risk of a breach.
In future, IT projects will address security from the very earliest stages of planning. By ‘embedding security into the framework of emerging technology’, the NHS will be better able to protect itself against threats.
Pillar #5 – Improving incident responses
Hospitals may be the ‘face’ of the NHS, but there are hundreds of other organizations that make up the service – like clinics, GP surgeries and care homes. The new strategy will see support being offered to every health and care organization to help them better protect themselves and their patients against cybercriminals.
More to come
The NHS has identified these five pillars as the key areas they need to address and a full implementation plan is set to follow this summer. This detailed plan will document how the NHS is to apply the new strategy and how they will measure the success of their efforts.
For British citizens, this new strategy is great news – proof that the NHS is determined to protect every aspect of their health and privacy.