Dr Malcolm Murphy, Technology Director, Western Europe, Infoblox
The scale of the recent WannaCry and NotPetya ransomware attacks perfectly illustrates the seriousness of the cybersecurity threat currently faced by the NHS.
Legacy IT operating systems are going unpatched and, with a rise in the number of connected devices, hospital IT networks are becoming increasingly vulnerable. As cyber criminals continue to target new vulnerabilities the moment they emerge, it’s clear that NHS Trusts should be thinking about ‘when’ and not ‘if’ another attack will occur.
In recognition of this, the government recently pledged £21 million in additional funding to increase the cybersecurity provisions of 27 NHS major trauma centres across England. Whilst this additional investment is welcome, it’s important that the money is put to the best possible use.
Updating and patching outdated operating systems should be a priority of course, but NHS Trusts need to invest in IT security solutions which will enable them to stay one step ahead of the ongoing threat of attack.
Tear down the walls
For many years, perimeter defences such as firewalls, and intrusion detection and prevention systems, have been at the heart of IT security systems.
Over time, however, cybercriminals have honed their skills, becoming increasingly sophisticated, and the number of attacks has continued to grow. Indeed, there were an incredible 430 million unique pieces of malware in 2015, an increase of 36% on the year before.
With this growth showing no signs of stopping, it’s time to consider that singular perimeter defences may no longer be up to the job.
An efficiently run hospital depends heavily on open channels of communication, within and outside of its physical and virtual boundaries. Building a thick, impenetrable wall can only hinder this communication. It’s not possible to keep absolutely everything out, and that includes hackers and viruses, but it’s also not feasible to keep everything in. After all, by doing so you’d be preventing the outward flow of critical data.
Rather than responding to threats with rigid, insular systems, and thereby blocking the flow of information, security should instead be bolstered through the use of adaptive systems that are able to learn as these threats evolve, ensuring they are quickly discovered, identified and mitigated.
Foundation of strength
The health service is becoming increasingly digitised, so it’s important that a hospital’s IT team works toward building highly secure, easy to manage, open systems and networks that support the hospital’s needs by enabling a bi-directional flow of information.
The collection of applications, servers and devices on the network forms the foundation of its infrastructure. They must be able to strengthen each other, maintaining the integrity of the foundation and providing the necessary protection, all the while allowing information and communication to flow freely into and out of the hospital.
The network’s integrity must remain intact. The hospital’s assets and data, and its users – patients, clinicians, and administrative staff – must remain protected, along with their devices, against hackers, malware, data leaks and other forms of attack.
Only a responsive, flexible digital infrastructure will enable a network to offer protection without needing to compromise on the open flow of information; this would be impossible behind a wall or a series of rigid perimeter defences.
Security, flexibility and visibility
Walls may be successful in keeping threats out, but they’re unable to address the points at which these threats originate, leaving hackers free to persist in finding increasingly sophisticated ways of identifying new vulnerabilities and backchannels to penetrate.
The alternative, then, is to carry out ongoing analysis of contextual pieces of data and build layers of actionable intelligence in an effort to understand the causes, behaviour, history and nature of anyone attempting to gain access to the network.
When you consider the organic nature of a hospital, with patients, staff and visitors continuously moving in and out of the campus, and with a wealth of devices being added and removed on an ongoing basis, it’s important to achieve a balance between security, visibility and flexibility.
In order for a hospital to remain secure, its IT team must be able to see everything that’s currently connected to its network, and to evaluate any new additions. We need to know, for example, that the latest wireless heart rate monitor isn’t introducing malware into the system. Achieving this visibility could involve simply automating the process used to add the monitor to the network, or creating guest permissions for the addition of an approved contractor’s device.
All hospitals will bolster their physical and virtual defences as best they can to protect those working or recovering within their premises. However, the truth of the matter is that a wall creates isolation, offering an artificial sense of security. In today’s cyber climate, as the recent ransomware attacks demonstrated, threats are going to find their way in eventually.
The government’s recent pledge is an encouraging acknowledgment of the scale of the current situation, but careful consideration must be given to how this additional funding should be spent. Instead of building thicker, higher walls, hospitals should invest in adaptive and responsive layers of defence, visibility and intelligence that will enable their IT security teams to see where the next attack is coming from, and to prevent it from causing any harm.