Protecting hospitals from cyber attacks: the objectives of the new NHS Cyber Security Strategy

The growing attention of cybercriminals towards the NHS poses a direct threat to people's lives. The numerous organizations in the healthcare system must guarantee the maximum possible protection of the privacy of their patients, an objective to which the new NHS Cyber Strategy promoted by the British government intends to contribute. The Cyber Security strategy for Health and Social Care aims to achieve resilience to cyber attacks by 2030 by making cyber security a priority to support emerging technology, but above all to minimize the impact and recovery time from possible accidents. But how can these goals be achieved? To ensure greater cybersecurity, healthcare organizations need to implement security best practices that protect their systems and the highly sensitive data they hold. In particular, there are four practices to adopt:

Embrace the principle of least privilege

It starts with implementing the principle of least privilege, one of the core principles of Zero Trust. This is vital as it ensures that users only have access to the software, computing systems and/or applications they need to do their job; they don't have to be able to access the entire corporate network. Not only does this approach help ensure data security by limiting the potential damage that could be caused by attacks, but it can also improve productivity by streamlining the digital tasks of every employee.

Delete unmanaged devices

The principle of least privilege must then be accompanied by the effective management of the devices used to access the networks. Unmanaged devices can reduce visibility and weaken security protocols, expanding an organization's vulnerabilities, making it much easier for cybercriminals to exploit user endpoints. Ensuring that only IT-approved devices have access to the network is of paramount importance.

Encrypt data as standard

All data should be encrypted on managed devices as standard and, if possible, also through hardware, as it generally offers greater security than software encryption. PIN keypad authenticated hardware encrypted USB storage devices can offer the highest level of data protection by eliminating the risk of keylogging, screen capture, and also removing the specific restrictions of operating system usage. This way you can limit any human errors and ensure you stay compliant with modern security legislation.

Implement a solid backup strategy

Resilience to cyberattack is important, but it must be accompanied by an effective recovery practice that enables healthcare organizations to respond effectively and quickly, should a data breach occur. In this case, it is necessary to implement a backup strategy, which is ideally based on the 3-2-1 rule, i.e. keep at least three copies of the data, on at least two different media, of which at least one copy is kept offsite. Having physical backup copies, even if you rely on cloud storage solutions, is essential in case the cloud provider experiences technical problems and/or suffers a data breach. With all these measures, organizations will be able to facilitate fast and reliable recovery for their operations.

Conclusions

Obviously, the new Cyber Security Strategy for Health and Social Care is much more complex than just described. Awareness, education and training, for example, are a useful tool to reduce the possible negligence associated with violations. These are efforts that must also be underpinned by the right protocols, processes and technologies to limit employee liability, minimize human error and promote security best practices. By adopting the right tools, skills and solutions, healthcare organizations can take simple but important steps towards ensuring maximum cybersecurity. These four practices are the starting point for building effective layered security that can limit modern cyber threats. Bottom line, healthcare organizations must protect their patients by taking all necessary steps to protect their data and systems. Ensuring computer security is not easy, but it is necessary to avoid dangerous consequences for the people involved. With these good practices, healthcare organizations will become resilient to cyber attacks so that even in the event of any breaches, they will be able to react quickly and effectively to restore the security of their systems and ensure the protection of patient privacy.