NHS cyberattack impacts essential 111 service, highlights healthcare vulnerabilities
A cyberattack on NHS service provider Advanced disrupted the critical 111 healthcare line, highlighting the urgent need for robust cybersecurity measures within healthcare systems.
2024-01-17
'%3e%3cpath%20d='M4%204L15.733%2020H20L8.267%204H4Z'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3cpath%20d='M4%2020L10.768%2013.232M13.228%2010.772L20%204'%20stroke='%230671C0'%20stroke-width='2'%20stroke-linecap='round'%20stroke-linejoin='round'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_8149_16006'%3e%3crect%20width='24'%20height='24'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M5.37214%2023.8745H0.396429V8.10162H5.37214V23.8745ZM2.88161%205.95006C1.29054%205.95006%200%204.65279%200%203.08658C1.13882e-08%202.33427%200.303597%201.61278%200.844003%201.08082C1.38441%200.548853%202.11736%200.25%202.88161%200.25C3.64586%200.25%204.3788%200.548853%204.91921%201.08082C5.45962%201.61278%205.76321%202.33427%205.76321%203.08658C5.76321%204.65279%204.47214%205.95006%202.88161%205.95006ZM23.9946%2023.8745H19.0296V16.1963C19.0296%2014.3665%2018.9921%2012.0198%2016.4427%2012.0198C13.8557%2012.0198%2013.4593%2014.0079%2013.4593%2016.0645V23.8745H8.48893V8.10162H13.2611V10.2532H13.3307C13.995%209.01393%2015.6177%207.70611%2018.0386%207.70611C23.0743%207.70611%2024%2010.9704%2024%2015.2102V23.8745H23.9946Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24588'%3e%3crect%20width='24'%20height='27'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
'%3e%3cpath%20d='M13.957%2014.75L14.668%2010.0848H10.2225V7.05745C10.2225%205.78115%2010.8435%204.53707%2012.8345%204.53707H14.8555V0.565174C14.8555%200.565174%2013.0215%200.25%2011.268%200.25C7.60703%200.25%205.21403%202.48441%205.21403%206.52931V10.0848H1.14453V14.75H5.21403V26.0278H10.2225V14.75H13.957Z'%20fill='%230671C0'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_3867_24590'%3e%3crect%20width='16'%20height='25.7778'%20fill='%234A4D53'%20transform='translate(0%200.25)'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
NHS Cyberattack on Adastra Software: What Happened and How to Prevent Future Attacks
The recent cyberattack that disrupted the NHS’s 111 service has raised serious concerns about cybersecurity within healthcare. The attack targeted Adastra, an essential software service used to refer patients, schedule out-of-hours appointments, and dispatch ambulances. Operated by Advanced, this software supports around 85% of NHS 111 services, making its breach a significant blow to healthcare operations and accessibility.
While NHS England initially didn’t confirm a cyberattack, Advanced later verified that a cyber incident had taken place, though their quick response reportedly prevented a complete system failure. Even though disruption was reportedly minimal, this attack has exposed vulnerabilities in a critical public health service, prompting a closer look at cybersecurity in healthcare.
Why Adastra Software Is a Prime Target for Cyberattacks
The NHS uses Adastra software across the majority of its 111 services, highlighting its integral role in patient care. By managing referrals, emergency prescriptions, and ambulance dispatch, this software is indispensable to the public health system.
Cybercriminals increasingly target such critical systems because:
- High Sensitivity of Data: Patient records and sensitive information make healthcare data highly valuable.
- Urgency of Services: A disruption in emergency healthcare services like 111 can have life-threatening consequences, adding pressure on healthcare providers to resolve incidents quickly, often by paying ransoms.
- Reliance on Legacy Systems: Many healthcare organizations rely on legacy systems that are harder to secure due to outdated software and hardware components.
Why Healthcare Needs Enhanced Cybersecurity
The NHS cyberattack on Adastra echoes the 2017 WannaCry ransomware incident, which also targeted the healthcare sector and caused severe operational disruptions. Security experts, including Javvad Malik from KnowBe4, have pointed to ransomware as the likely cause behind the recent NHS service outage. Malik stresses the need for a holistic approach to address root vulnerabilities, emphasizing multi-layered cybersecurity strategies such as:
- Stronger Authentication: Implementing multi-factor authentication (MFA) to protect critical applications.
- Patch Management Processes: Regularly updating software to protect against known vulnerabilities.
- Security Awareness Training: Educating staff to recognize suspicious activities and follow cybersecurity best practices.
These measures could help prevent future attacks by limiting attackers' ability to exploit common vulnerabilities.
1. Implement Stronger Authentication Measures
One of the most effective ways to protect healthcare systems is through multi-factor authentication (MFA). MFA requires additional credentials beyond just a password, adding a layer of security against unauthorized access. This approach can prevent attackers from easily gaining access even if a single set of login details is compromised.
For organizations with limited resources, deploying MFA for the most critical systems, like emergency response software or patient record databases, should be the first step.
2. Improve Patch Management Processes
In many healthcare organizations, patch management remains a challenge, particularly in settings with older systems or a lack of IT resources. The WannaCry attack in 2017 demonstrated how unpatched systems could lead to catastrophic breaches. Regularly updating software to fix security flaws and other vulnerabilities can greatly reduce risks.
To manage patches effectively:
- Schedule regular assessments to identify and prioritize critical updates.
- Develop a system for monitoring and applying patches in real-time.
- Consider automated patch management tools to streamline this process and reduce human error.
Implementing a strong patch management program can prevent many types of malware from taking root in healthcare systems.
3. Launch Comprehensive Security Awareness Programs
A well-rounded security awareness training program is essential for preventing human error, one of the leading causes of security breaches in healthcare. For healthcare professionals, training should include recognizing phishing emails, understanding social engineering tactics, and learning secure data handling practices.
Investing in ongoing employee education helps build a proactive security culture where staff are more vigilant and able to respond effectively to potential threats.
Explore the Security Awareness Training provided by Keepnet Labs to equip your staff with skills that can prevent similar incidents. Keepnet's Human Risk Management Platform offers tools for enhancing security culture, risk detection, and threat prevention.
What Can Other Sectors Learn from the NHS Cyberattack?
The NHS cyberattack serves as a case study for all sectors, not just healthcare. Essential learnings for industries across the board include:
- Conduct Regular Security Assessments: Understanding which systems are vulnerable allows organizations to preemptively secure their operations.
- Prioritize Data Protection: Sensitive data should be encrypted and access-controlled, with only authorized personnel able to view or manipulate it.
- Develop and Test Contingency Plans: To minimize disruption in case of an attack, organizations need well-prepared contingency plans and backup systems. The NHS's minimal disruption during this attack indicates that some level of planning had been done, but further testing and improvement are needed.
Why Cybersecurity in Healthcare is Vital for Patient Safety
The healthcare sector, as demonstrated in this latest NHS cyberattack, is a high-stakes industry where even minor disruptions can have serious consequences for patients. Cyberattacks can not only cause operational delays but can also threaten patient lives if they impact critical systems or medical devices.
How to Safeguard Patient Data in Healthcare
To protect patient data and enhance cybersecurity, healthcare organizations should:
- Encrypt Sensitive Data: Encrypting patient data ensures that it remains safe even if accessed by unauthorized users.
- Implement Access Controls: Use role-based access to limit who can view or change sensitive patient information.
- Regularly Monitor for Intrusions: Use threat intelligence tools to monitor unusual activities that could indicate a security breach.
For healthcare organizations, investing in security technologies is essential, as is fostering a culture of security awareness among staff to improve incident response times.
The Role of Government in Supporting Healthcare Cybersecurity
Governmental bodies should take an active role in supporting cybersecurity efforts across public health systems. Key actions could include providing cybersecurity guidelines, funding for healthcare IT infrastructure upgrades, and regular cyber resilience audits for public health organizations.
Call to Action
As cyber threats become more sophisticated, healthcare organizations and other critical sectors must stay vigilant. Investing in robust cybersecurity measures not only protects data but ensures continuity of essential services.
The NHS cyberattack underscores the importance of cybersecurity in healthcare and the need for enhanced security awareness training, patch management, and data protection strategies. Adopting a multi-layered cybersecurity approach will ensure public health services can continue serving patients, even under attack.
Editor’s note: This blog was updated November 11, 2024
SHARE ON