UK healthcare struggles to keep pace with evolving cybersecurity threat landscape

The WannaCry incident spurred The National Health Service and UK healthcare providers to improve their cybersecurity posture, but experts say more work needs to be done.

healthcare technology / medical data
Metamorworks / Getty Images

The UK’s healthcare industry operates at huge scale with large amounts of personal data of practically every person in the country—all of which needs securing. Compounding that challenge, the National Health Service (NHS) with its multi-billion-pound budget is in near constant change around digital transformation, has a largely federated operating structure, and relies on many small suppliers.

Yet the healthcare industry and NHS has made progress in their ability to protect their systems and data from attack.

Wannacry: A turning point for cybersecurity in UK healthcare

The WannaCry incident was a global event, but one of the most notable victims was the UK’s NHS. It was a watershed moment for the NHS and how it approaches cybersecurity.

The WannaCry ransomware attack, thought to be created by North Korean threat actors the Lazarus Group, used the NSA-created EternalBlue exploit in the Windows Server Message Block (SMB) protocol leaked by the Shadow Brokers. Though a patch was available at the time of attack, none of the affected NHS organisations had applied the Windows patch despite being advised to do so by a bulletin from NHS Digital’s CareCERT.

To continue reading this article register now

Make your voice heard. Share your experience in CSO's Security Priorities Study.