NHS Digital is to turn to ethical hackers in a bid to defend itself from malicious cyber attacks in the future. Following May’s WannaCry ransomware attack, £20 million is to be invested to avoid a repeat of the event that crippled parts of the NHS and affected thousands.
The NHS is creating a cyber security team that will aim to protect the NHS from cyber attackers and enhance the health service’s cyber defence capabilities. Ethical hackers will be part of this team, looking through the NHS network for weaknesses and helping to identify in advance the places where malicious hackers might attack, so that precautionary measures can be taken.
Those referred to as ethical hackers are experts who attempt to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that malicious parties could exploit.
The team will advise local NHS departments on IT defences across the UK and will provide guidance in the event of cyber security incidents. The team will provide a “near-real-time monitoring and alerting service” across the entire healthcare system, according to Dan Taylor, head of the Digital Security Centre at NHS Digital.
The move comes a month after the National Audit Office’s (NAO) report into the WannaCry cyber attack, which found that the NHS organisations affected could have taken simple actions to protect themselves. Basic IT security would have been enough to prevent the spread of the ransomware, and the NHS’s reliance on the very outdated Windows XP operating system did not help matters.
Penetration testing of the systems across all 250 NHS trusts is likely to be an extremely time-consuming task, and those working in the healthcare industry must not take cyber security for granted.
The UK Government officially blamed North Korea for the WannaCry attack, and for many the event was an eye-opener to the potentially devastating consequences of a malicious cyber attack.
How Cyber Essentials Can Help
The first step to keeping your organisation safe from potential future cyber attacks is to be certified with Cyber Essentials.
Certification to the Government’s Cyber Essentials Scheme protects an organisation from 80% of common cyber threats. It is also a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.