NHS Scotland must be on ‘high alert’ over cyber risk

NHS Scotland has told it needs to be on “high alert” amid a huge recent increase in the number of attacks on the healthcare sector, according to the former digital director of NHS National Services Scotland (NSS).

Deryck Mitchelson, who stepped down from the position last year and is now chief information security officer at cybersecurity firm Check Point, said he fears that 2022 could see a major cyber-attack on the UK healthcare service.

He said that Check Point is seeing a 71% increase in weekly attacks on healthcare, to around 830 per week:

“Given the impact of last year’s ransomware attack on the Irish healthcare service, the NHS in Scotland needs to be on high alert. The threat and number of cyber-attacks continues to rise and healthcare is near the top of sectors being targeted.”

A cyber-attack on Ireland’s health service last May caused widespread disruption, forcing the organisation to cancel appointments and take its systems offline to protect them from further harm.

Mitchelson said: “Cybersecurity is on the risk logs of most NHS boards in Scotland, but few boards have dedicated security teams and appropriate investment in robust cyber programmes that will deliver end-to-end protection of our services.”

“There is such a huge attack surface in the NHS supporting its 200,000 workforce, and with many still working remotely, it only takes a single compromised account or weak remote access control for a threat actor to access our health systems.”

He stressed the need for the NHS to up its game and remove all unsupported operating systems, strengthen remote access, increase end-to-end visibility and monitoring and ensure that robust incident response plans are in place.

“Any infection would spread and infect in particular un-patched and end-of-life devices, having a detrimental impact on both emergency and scheduled procedures,” he said.

“So much of our healthcare is now dependant on digital technologies that this could have a crippling impact, from appointment scheduling and prescriptions to consultations and operations.”

Follow us on twitter: @risksEmerging

Twitter feed is not available at the moment.