Guarding Britain’s Health: Strengthening Cybersecurity in the UK Healthcare Sector

This month, NHS London was victim to a brutal cyberattack, forcing admin to cancel operations and transfer emergency patients to alternative centres immediately. Among those affected are some of the best-known hospitals in the country, such as King’s College Hospital, Guy’s and St Thomas, and, unfortunately, the Evelina London Children’s Hospital and the Royal Brompton.

However, this problem is a familiar one. Back in 2020, the first death by ransomware was ruled in Düsseldorf. An attack paralysed the hospital’s systems to the extent that it was forced to pause all admissions to its A&E department. This resulted in hospital staff frantically diverting inpatients to a city 19 miles away, proving fatal for one woman. Then, in August 2022, the UK’s NHS 111 service was taken offline by a severe cyberattack, also through its supply chain, via its service provider, Advanced, which meant that 40 million people were denied access.

This illustrates the gravity of ransomware attacks on the healthcare sector. In this blog, we will delve deeper into recent trends so your company can maintain agility in the face of ever-evolving and ruthless attacks.

Complex supply chain

Britain’s NHS delivers care to 68 million people and is one of the world’s largest employers, providing work to 1.7 million people. Still, it is behind only the US and Chinese military, Walmart, and McDonald’s. Despite its vast size, it was successfully breached earlier this month and continues to suffer significant disruptions, such as six entire NHS trusts. Many GP practices are spread across southeast London, serving 2 million Brits. This is due to a breach in Synnovis, a private firm that the NHS uses to examine blood tests.

A senior NHS source warned that it would take “many months” to resolve and that it is not yet clear “how the hackers gained access to the system, how many records have been affected and whether these records are retrievable.” As a result, even an entity with the enormous infrastructure of the NHS has been forced to dust off a paper records system, where patients’ information is printed and blood samples hand-delivered by porters.

Already in 2022, the NHS suffered a severe ransomware attack caused by a violation of its Adastra software, which was operated by a third party. Was this a test of the NHS supply chain? This ransomware attack not only caused financial disruption but also distress to patients in the care homes whose data was sold.

Attacks continue. Earlier this year, in March 2024, NHS Dumfries & Galloway was hit by an attack that caused widespread distress and the release of confidential patient data. The implications and investigations of this attack are ongoing, and public concern continues.

Why is the UK healthcare sector so vulnerable?

Martin Lee, Cisco’s UK-based security research lead, warns: “When healthcare systems and data are unavailable, lives are potentially at risk. This makes the sector a tempting target for criminals. Outages put pressure on management to pay off the attackers to restore availability quickly. However, paying the ransom means that these attacks remain profitable and ultimately only serve to encourage further attacks.”

According to a report by Cisco’s Talos threat intelligence division, healthcare providers were the most targeted by ransomware gangs last year. The report attributed this to these organisations having “underfunded budgets for cybersecurity and low downtime tolerance.”

The figures back this up, as this marks the third time that Synlab and Synnovis have been attacked, affecting pathology services across Europe. For example, in June 2023, the ransomware gang Clop breached the French branch and stole data, while earlier this year, Synlab’s Italian subsidiary was hit by a separate ransomware group, Black Basta. The group gained access to around 1.5TB of data and published it in its entirety when no final ransom was paid.

A similar attack was the one on the Finnish mental health giant Vastaamo in 2020, where a copy of all data on the system was sent to the attacker. This included names, addresses, and notes from the therapist on each private session. The work therapists do in dealing with people’s deepest fears and secrets is naturally a very sensitive one, and this attack was devastating for the mental health of its victims. Vastaamo has now ceased trading.

Concerns over the potential escalation of these attacks had been raised in Parliament in 2023, as the increasing use of digital healthcare in the UK means that more critical equipment and systems are connected to the internet, making them a potential target for cybercriminals. However, in a post-COVID world, the use of telemedicine is increasing. In 2023, the NHS began circulating information on ‘Connected Medical Devices’ cyber vulnerabilities to its staff. In February 2024, the World Economic Forum went so far as to name the Healthcare sector as the biggest target for cybercrime due to the critical data it holds and the online devices controlling people’s lives.

How has unpreparedness for attacks recently affected the healthcare sector?

The desperate need to get back online is one of the reasons why 38% of healthcare organisations are reported to have paid a ransomware fee. A 2022 survey of 100 cybersecurity managers in the UK health sector found that 81% of healthcare organisations in the UK had been hit by ransomware in the previous year. Whilst 38% paid the ransom to regain their files, 44% refused to pay and lost their healthcare data. Close to two-thirds (64%) of respondents admitted their organisation had to cancel in-person appointments because of a cyber-attack.

Even unexpected sources can be vulnerable in the healthcare sector. The London Borough of Camden recently warned of a risk to personal data after one of their suppliers of beds, hoists, and grab rails was attacked. Computers attached to MRI machines, CT scanners, blood pressure and heart-rate monitors are vulnerable and provide back doors into connected systems.

How can you protect your business?

These numerous and ruthless attacks serve as another reminder to have the measures in place to prevent you from being caught off guard. The NHS experience illustrates how even large, well-resourced providers can be vulnerable to prolonged disruptions if proper security measures are not in place. The UK government has committed to a series of measures to support healthcare providers by 2030. Still, in the meantime, businesses in the supply chain must take appropriate measures to keep defences high.

At Thrive, we specialise in providing industry-leading cybersecurity solutions tailored to you and your staff’s needs. Our team of experts can work closely with your organisation to identify vulnerabilities, implement robust safeguards, develop incident response plans, and ensure you have the defences to maintain operational resilience in the face of ransomware and other malicious attacks.

Don’t leave your systems, data, and, most importantly, your patients at risk. Contact Thrive today to learn how we can fortify your company and give you the peace of mind to continue delivering essential services without disruption. Protect your operations, reputation, and ability to contribute to life-saving care with Thrive as your trusted cybersecurity partner.