The “shared responsibility” philosophy for improving cybersecurity is becoming a worldwide phenomenon. It was woven throughout the U.S. National Cybersecurity Strategy issued by the White House in early March, and later that month the UK also announced its plan to improve cybersecurity for the country’s National Health Service (NHS).
On March 22, the UK government announced it will draft a six-year plan to “promote cyber resilience across the health and care sectors by 2030, protecting both services and patients.” That plan will build on five pillars for reducing the risk and impact of cyberattacks on healthcare organizations, while also improving recovery and resiliency should an attack succeed. Those pillars include:
- Identifying the areas of the sector where disruption would cause the greatest harm to patients, such as through sensitive information being leaked or critical services being unable to function.
- Uniting the sector so it can take advantage of its scale and benefit from national resources and expertise, enabling faster responses and minimizing disruption.
- Building on the current culture to ensure leaders are engaged and the cyber workforce is grown and recognized, and relevant cyber basics training is offered to the general workforce.
- Embedding security into the framework of emerging technology to better protect it against cyber threats.
- Supporting every health and care organization to minimize the impact and recovery time of a cyber incident.
Faster Response, Minimized Disruption
The second of the five pillars is notable to us because it calls for “uniting” the healthcare sector in an effort to combine resources and expertise to “enable faster responses and minimize disruption.” At a macro level, that is a critical capability for hardening the networks of organizations connected through extensive digital supply chains. At the individual level, it is vital for an NHS Trust to approach cybersecurity from a “whole hospital” perspective. That means recognizing that IT systems operate on the same infrastructure as the operational technologies (OT) that run the hospital operations, alongside the sophisticated connected medical devices (Internet of Medical Things) integral to delivering a high quality of healthcare to patients, so a vulnerability anywhere in the network puts the entire Trust at risk.
“This new strategy will be instrumental to ensure every organization in health and adult social care is set up to meet the challenges of the future.” — Health Minister Lord Markham
Protecting 1.7 Million Devices
The announcement points out that there are more than 1.7 million devices operating within NHS Trust networks, and that the strategy seeks to monitor each for suspicious activity that could indicate an attack or active threat. That’s a wise and eminently achievable goal. In fact, many Trusts in the NHS system currently use the Ordr platform to discover, monitor, and protect the hundreds or thousands of Internet of Medical Things (IoMT) devices that populate their networks for the delivery of patient care.
When the full NHS cybersecurity strategy is published later this year, Ordr is confident that our customers will be prepared to meet whatever standards are set as they pertain to protecting connected devices. And as the CISOs and other leaders in those Trusts have already demonstrated a desire to work toward a Zero Trust security posture, there is no doubt they will establish themselves as cybersecurity exemplars for their peer Trusts.
Ordr is also actively working with NHS Trusts to comply with the NHS Data Security Protection Toolkit (DSPT) and ensure the security and privacy of data shared within the NHS system. Contact us for more information about how we can protect the connected devices in your network.