
How cyber security is changing in the healthcare industry

Recent events show that, when it comes to cybercrime, UK healthcare has a target on its back

From hospitals to pharmacies to biotechnology and medical device companies, the healthcare industry is both varied and valuable, with stringent measures in place to protect against data theft and ensure a smooth operation.

But with cybercrime on the rise, these protections sometimes fail. Cyber security is a mounting issue for the UK healthcare sector. Within the huge landscape of the NHS lies a lack of digital maturity, and this can put the safety and privacy of staff and patients at risk.

In fact, on 3rd June 2024, the NHS suffered a huge ransomware attack, and it’s still feeling the effects. The attack has been attributed to Qilin, a Russian criminal group, and has impacted several hospital trusts, including Guy’s and St Thomas’ teaching hospitals in London, and King’s College Hospital.

Let’s take a closer look at the ongoing struggle for cybersecurity within the healthcare sector, and what steps businesses can take.

Healthcare cyber security in numbers

With patient records and other data now primarily stored and shared digitally, cyber security has become a significant issue for healthcare organisations over the past two decades. Now more than ever, businesses within the sector find themselves having to take data protection much more seriously.

For evidence of this, you need only look to the NHS. Even without taking the recent NHS attack into account, CPX London reports that there were a total of 1,383 cyberattacks in the NHS per week in 2023. This compares to 797 per week in May 2022 – a significant uptick in just 12 months.

Data galore

The NHS accounts for around 87% of the UK healthcare industry, according to Nuffield Trust. It holds a wealth of employee, patient, and national information, with over 250,000 outpatient appointments every day across 1,229 UK hospitals. As such a behemoth of an organisation, it’s impossible to avoid the cybercrime target on its back.

Digital Health News reports that the main reasons for the NHS's cyber problems are its huge data landscape and its lack of digital maturity. The NHS has been around for 76 years, so digitalisation obviously wasn't a concern when it was founded, and it has been forced to update its processes piece by piece, leaving some areas more vulnerable than others.

The risk of ransomware

With so much infrastructure, there are many cracks in the NHS model for cybercriminals to slip through. One of the most common kinds of attack facing the UK healthcare sector is ransomware, as the recent attack shows.

Ransomware attacks, often staged by organised criminal groups, are used to extract profit from healthcare organisations. According to Infosecurity Magazine, 81% of UK healthcare organisations suffered some form of ransomware attack in 2022 alone.

The benefits of this for hackers are clear, as 61% of the trusts and organisations hit paid the ransom to prevent a data leak.

National policies for data protection

There are steps healthcare organisations can take to better protect their data, from setting strong passwords to raising phishing/scam awareness to keeping devices locked when they’re not in use. However, nationwide policy must be put in place to encourage significant change, and avoid attacks like the current Qilin hack.

In recent years, clear guidelines from the UK government regarding healthcare cyber defence have been thin on the ground. Earlier this year, however, the Department of Health and Social Care published the Cyber Security Strategy for Health and Adult Social Care.

This strategy sets out guidelines for achieving cybersecurity across the healthcare industry by 2030, marking a catalyst for change within the NHS, though it should be noted that it only covers England.

Bolstering business defences with Hicomply

More than any other industry, healthcare deals with vulnerable people, who shouldn’t have to worry about their data vulnerabilities as well. While it is impossible to remove all risk of attack entirely, there are measures that all organisations – whether it’s healthcare providers, supply chain or businesses in a different industry altogether – can put in place to better protect those they care for. And that includes achieving compliance with a recognised standard such as ISO 27001.

Not currently using Hicomply? Ready to find out more about what the platform can do for you? Book a demo.
