Today, for the very first time, I am attending a conference from the comfort of home. CYBERUK, the flagship UK government cybersecurity event, is taking place online this year due to the ongoing restrictions imposed by the global public health response. It continues over the next couple of days, and anyone can access the sessions here.
This digital format is a timely signifier of how Coronavirus has catalysed and accelerated change, with technology filling the social distances enforced between us all by the pandemic. But, due to recent events in the US at the Colonial Pipeline Company, a different sort of virology dominated the day’s discourse. The malicious intrusion on everyone’s mind: the ransomware hack.
We’ve talked before about ransomware attacks in the health and care sector, but what are they?
In such a ploy, the adversary typically exploits the victim by stealing, blocking access to, or threatening to publish their private data unless they pay a ransom. The implications of losing control of one’s systems in this way can be significant, as we have seen with the disruption of a large part of the American energy infrastructure this weekend.
Speaking today at CYBERUK, Home Secretary Priti Patel made the British Government’s position on such extortion clear. Paying the ransom, generally speaking, doesn’t work. It often fails to secure the release of your data and may even invite future attacks.
So what should we do to safeguard against an attack in the first place? An excellent place to start is the advice issued by the Australian Cyber Security Centre. At AutumnCare, we’ve also recently completed certification in Cyber Essentials, the economic and security impact of which was discussed today, and which may be something else to consider for your organisation.
The final session on “Protecting the NHS From Ransomware During COVID-19”, with no opportunity to make points or ask questions of the experts debating the topic, exposes the limitations of the digital format.
The panel talked eloquently about the crucial and significant work done to safeguard the NHS during the last year, and this contribution to the national effort should not be downplayed. However, the silence on what NHSX, NHS Digital and the NCSC did to support the social care element of the Department of Health and Social Care was crashing.
With an estimated 1.38 million people receiving care in the UK delivered by thousands of registered providers, social care is arguably a larger and more vulnerable attack surface for a vast quantity of personal private health information. It would have been good to discuss this point if allowed the opportunity to ask questions.
Does this shed light on the causes behind the issues seen in social care during the pandemic? Perhaps. Is it reflective of the importance social care enjoys in Whitehall? Almost certainly. Where we can agree, however, is in the sentiment: Cybersecurity is a clinical and operational risk, not just a technical one!
It’s also essential to look for built-in security and resilience in your technology partners. To assure you that your residents’ personal information is secure, AutumnCare has business continuity, disaster recovery and data security built into its architecture.
Just ask one of our large customers, whose self-hosted systems (HR, Finance, and Clinical Operations) were the target of a ransomware hack. Thanks to AutumnCare’s unique transaction engine, we were able to keep them going through the pain of the strike and restore all of their historical Assessments, Care Plans, Charts and Notes — everything — without resorting to negotiating with the criminals blackmailing them. Cybersecurity is a team sport, and AutumnCare is ready to help.
Stay safe, and stay vigilant!