It is widely acknowledged that the NHS is facing unprecedented challenges, from hard to hit targets and financial deficits to rising patient numbers, increased waiting times and reduced bed availability.
But it doesn’t end there, with healthcare providers facing increasing challenges on the digital health front too. According to the latest quarterly review from the Information Commissioner’s Office (ICO), the sector is experiencing the most cyber attacks since records began in April 2015.
In fact, the healthcare sector accounted for the highest number of data security incidents for the quarter, with 239 cases reported in Q3 2016. Cyber incidents accounted for 74 of these reports.
So why is the NHS such an attractive target for cyber criminals? Is patient data becoming increasingly valuable to cyber criminals and/or are opportunists simply exploiting weakness? Either way it’s clear that the healthcare sector needs to reassess the management and security of its data.
Recent results of a Freedom of Information Act revealed that 90% of NHS Trusts are still running Windows XP, exposing hospitals to threats designed to exploit vulnerabilities for which Microsoft no longer issues patches. But it’s not just not just obsolete operating systems that pose a risk – anecdotal evidence suggests that healthcare organisations are running hundreds of legacy applications in the background.
Indeed, it has been estimated that some hospitals have as many legacy applications operating behind the scenes as the number of beds in their facility.
Older technologies, whether hardware or software, are more prone to security loopholes, as well as corruptions, failures and outages, making Trusts an easy target for ransomware attacks.
Despite the risks, not to mention the huge costs and drain on resources associated with running these obsolete systems, the practice is still worryingly commonplace across the healthcare sector.