FINAL GPSJ Summer edition 2024 ONLINE VERSION.2pdf - Flipbook - Page 44
GPSJ
NHS & HEALTHCARE
Vodafone advise healthcare
sector to consider cyber security
as a high priority
By Anne-Marie Vine-Lott, Director of Health, Vodafone UK
Anne-Marie Vine-Lott, Director
of Health, Vodafone UK
Most people would not
consider the cyber security
impact of their weekly food
shop or a visit to the doctors
but the personal data risk of
visiting either could be similar.
From the point of view of a
cybercriminal, healthcare
organisations collect valuable,
sensitive data about individuals
It’s not dissimilar to signing up for
a loyalty card with a supermarket
where the data collected provides
information and insight about habits,
preferences and spend profiles.
When you think about someone’s
health profile it’s the same: you’re
getting an immense amount of
information.
As a result, the healthcare industry
has become a key target for cyber
criminals with one report citing that
eight in ten health organisations have
44
had a security breach since 2021.
The NHS has found itself
vulnerable to attacks on several
occasions – from personal data
breaches to problems affecting entire
software systems.
One such incident was the attack
on Adastra, which forced call
handlers to resort to pen and paper
to keep ambulance services running
during a breach in 2022.
In 2017, the worldwide WannaCry
ransomware attack targeted PCs
running Windows in 150 countries,
affecting hundreds of companies and
public services.
Microsoft had issued a patch to
protect computers some months
earlier, however those who had not
downloaded the update, or whose
machines were running on older
versions of Windows, were not
protected.
UK health boards were affected
GOVERNMENT AND PUBLIC SECTOR JOURNAL SUMMER 2024
in particular NHS Lanarkshire, which
had to cancel almost 500 patient
appointments and procedures as a
result of the attack.
I’m only too aware of how
vulnerable healthcare organisations
can be, particularly in the public
sector.
Vodafone is dedicated to
strengthening the cyber security
position across the UK’s critical
national infrastructure and we want
to do more to support the NHS.
The NHS has become – and
will always be – a target, and as
we increasingly look to create an
environment where everyone is
better connected at an individual
and organisational level, you have
to ensure that there is appropriate
security in place.
It is understandable that health
boards, faced with soaring costs and
increasingly squeezed budgets, may
not have the capacity to deal with the
potential impact of cyber security.
This plays into the hands of
criminals and fraudsters as it is
known that the UK healthcare system
suffers from under investment.
This presents a challenge to
balance operational or patient risk
that is immediately evident versus the
risk of something that you can’t see,
but you know may be brewing in the
background.
When faced with that dilemma, the
tendency is to go for the risk that you
can see but if a system is breached
and has to be shut down, it has an
absolutely huge impact.
Not just in terms of, for example,
operations being cancelled, but the
cost of actually trying to get services
up and running again, safely.
The long history of the NHS
compared to some countries’
healthcare systems has meant it has
been more difficult to modernise and
to create a successful digital system.
The NHS started in 1948 and it’s
changed and evolved constantly
over the last seven decades of
healthcare.
If you had to start from scratch,
you’d never design it in the same
way as other examples can show.
Estonia, where the healthcare
system has been created and
designed in more modern times,
following the country’s independence
from the USSR in 1989 – resulted
in a more coherent digital system –
although Estonia is more centralised
and still has challenges in the
integration of services.
Meanwhile, an increasing number
of people in the UK are partnering
NHS care with the use of private
healthcare providers for some issues.
A growing number of workplaces
have begun to introduce “private
healthcare lite” benefits such as
online GP appointments.
In a post-pandemic world, even
within the NHS, some appointments,
particularly in primary care, are
available online or via the phone.
The upside is that people can
access services far more easily,
especially since Covid.
However, from a cyber
perspective, this does open up risk,
with a plethora of systems being
used as multiple points of access.
In England there has been an
ongoing drive towards collaboration
with the creation of group Health
Trusts into Integrated Care Systems.
Vodafone are supporting these
groups to look at cyber challenges
more holistically to reduce risk
We also offer cyber assessments
to better understand potential
vulnerabilities and concerns over
cyber challenges.
I would encourage everyone to
consider cyber security as a high
priority in both business and personal
lives.
Whilst it is often difficult to clearly
articulate the business case for
things that may not happen, it’s
better to have invested in the right
support to have assurance that
they won’t.