Why Healthcare Organisations in the UK Need to Strengthen Cyber Security Measures?

Highlights

• Nearly eight out of 10 healthcare organisations in the UK have experienced a data breach since 2021

• Obsolete software, faulty devices and user negligence among the chief reasons for rise in cyber attacks

• AI can boost surveillance measures with 24/7 monitoring and respond in real-time to security events

The healthcare industry is increasingly being digitised with Internet-of-things (IoT) devices transforming the capability and reach of medical services. However, the benefits have come with a rider.

Healthcare organisations face cyber risk 

Research has found that almost eight out of 10 healthcare service providers in the U.K. have experienced at last one security breach since 2021. What’s concerning is that the number of data breaches reported by healthcare IT staff went up by 22% year-on-year, indicating a rise in cyber attacks targeting the healthcare sector in the country. Equally worrying is a 14% rise in data leaks resulting from negligence on the part of users.

IT healthcare professionals said that such incidents could compromise patient details and transgress General Data Protection Regulation (GDPR) laws. However, a third of IT professionals considered a disproportionate amount of time spent in resolving issues related to legacy IT systems rather than boosting preventive measures.

The chief loophole identified by the experts was the wider scale and scope of device integration in different healthcare areas. For instance, nearly half of organisations described a rise in the number of devices used on the premises to deliver healthcare services as well as perform administrative tasks. To add to the complexity, one-third of respondents also witnessed an increase in the use of personal smart devices such as mobile phones and tablets to access the organisation’s network, tools and data.

The multiple access points to an organisation’s IT systems have increased its vulnerability to suffering a data breach. Laxity in tracking the use of devices also leads to unauthorised access undermining system integrity. Cyber security experts have recommended putting in place a policy for personal device use while implementing regular security upgrades.

Obsolete technology, malfunctioning devices and employee negligence are the chief reasons hackers are able to gain entry to potentially secure systems.

Managing the cyber threat landscape

Stefan Spendrup, an official at U.K.-based tech firm SOTI, said that device management is a crucial aspect for healthcare organisations with the capability to remotely detect and switch off any device or IoT configuration in the event of a cyber attack.

IT professionals have called for integrating new technologies such as artificial intelligence (AI) to enhance surveillance measures with analytics. It enables a system to respond in real-time while experiencing a data breach.

The healthcare processes best suited for automation without manual intervention

• Data collection

• Healthcare resources access

• Patient records maintenance

• Diagnostic results

Healthcare workers in the U.K. report nearly three hours of device malfunction and network-related downtime per week on average affecting deliver of critical services.

AI-driven technologies are anticipated to improve the healthcare experience for both patients and providers. The benefits include quicker and better care while curbing instances of human errors along with reduction in costs.

An increasingly varied cyber threat landscape encompassing sophisticated techniques such as distributed denial-of-service (DDoS) and ransomware demands even more advanced security techniques from healthcare organisations. Security measures such as encryption of user credentials, use of firewalls, anti-virus or anti-malware and multi-factor authentication are vital to reduce the risks of downtime.

The transition to digitisation needs to be managed prudently to ensure the benefits do not get squandered due to a lack of awareness.