Healthcare in the UK, particularly the National Health Service (NHS), has come under intense scrutiny since the catastrophic effects of the WannaCry ransomware in May 2017. Afterward, NHS Digital launched a new £20 million security operations centre to assist units to comprehend and prepare for cyberattacks in the healthcare industry. Not even public, private companies are also making big investments in cybersecurity.
According to a report, healthcare companies in the country have increased their spending on cybersecurity more than 500% in a year, making the sector second-highest spenders across all industries after the finance and insurance industry. In the 2018-19 fiscal year, health sector firms spent on average of US$16,800, which is up from just US$2,770 a year earlier and the highest increase across all industries.
In 2017, pharmaceutical company Merck & Co. was among a slew of companies hit by the nefarious WannaCry ransomware attack, which disrupted the company’s medicine and vaccine production that costs US$135 million in lost revenues. Since then, the company has spent an estimated US$175 million to bolster the security of its IT systems.
Another pharmaceutical company Bayer, earlier this year, revealed that it had been subjected to a year-long cyberattack that took the company months to resolve its systems. As per the reports, this breach deemed to originate from the China-based Winnti hacking group. However, Bayer didn’t disclose the cost of that remediation effort, but claims that there was no evidence of data theft.
On this hacking group, security specialist Kaspersky said a few years back that Winnti had started targeting pharmaceutical companies and suggested it may be for the purposes of industrial espionage. Meanwhile, the security firm identified that hackers are increasingly targeting private companies. Moreover, the poor reputation of the drug industry with the public on issues like medicine pricing and animal testing also makes the domain hackers’ target point.
A 2018 Deloitte report also claimed the industry was the most targeted industrial sector, suggesting intellectual property theft was a key motive. Though, this year also saw more than half, nearly 55 percent, of all UK firms, come across a cyberattack, with average losses from breaches anticipated at £176,000.
Today, the number of cyberattacks across all industries globally is rising and in healthcare, this continues increasing, compromising the health information and safety of millions of people.
In the UK healthcare system, limited budgets and time-consuming approval processes are weakening the NHS’s ability to adapt to evolving technological challenges. Since the WannaCry attack, the NHS has taken several steps to increase its cyber resilience, and accountabilities have been assigned to the Department of Health and Social Care and Arm’s Length Bodies (ALBs),
Healthcare is the only field across the world for which the biggest threat to data breaches comes from internal sources. So, to embed a security culture, progressive investment needs to be made in the IT system. Although, the problems seen in the NHS and the efforts of the UK firms might assist other countries to determine their security priorities to move forward.