Healthcare SMEs Get Government Security Spending Boost

Small and medium-sized healthcare suppliers and providers are set to get a small cybersecurity boost after the government announced a £500,000 fund to support certification and training.

Announced to coincide with London Tech Week, the half-a-million pound support package will go to primary care providers (excluding GP practices), medical suppliers and other eligible businesses.

It must be spent on consultancy and certification costs needed to gain accreditation for the government’s Cyber Essentials certification, which guarantees a baseline of best practice security.

This will include training to ensure all mobile devices, laptops and PCs are kept up-to-date with the latest patches, firewalls are configured properly to secure internet connections and user access controls are tightened to prevent unauthorized access to systems. 

Although it has been running since 2014, only 50,400 Cyber Essential certificates have so far been issued, the Department for Digital, Culture, Media & Sport admitted.

Yet healthcare organizations have become an increasingly popular target for attackers, especially during the COVID-19 crisis. The National Cyber Security Centre (NCSC) was forced back in May to issue a joint alert with the US authorities warning of large-scale password spraying campaigns against healthcare and medical research organizations.

“Protecting healthcare has been our top priority during the COVID-19 pandemic and we have been working hard to ensure organizations can keep themselves secure. While we will continue to support them, signing up to initiatives such as Cyber Essentials is an excellent way for organizations to help themselves,” argued NCSC director of operations, Paul Chichester.

“Those who have not already taken up this offer should do so — it will help ensure they have fundamental security protections in place, even in the most challenging of times.”

What’s Hot on Infosecurity Magazine?