Will a New SOC Help the NHS Stop the Next WannaCry?

The news that the UK’s National Health Service (NHS) is going to invest £150 million in a new Security Operations Centre (SOC) should be warmly welcomed. It's now been just over a year since the global WannaCry ransomware attacks shut down scores of NHS Trusts, turning away patients and hamstringing frontline services, so it makes sense that the NHS is looking to prevent the same from happening again.

The SOC comes as part of a wave of security improvements in the NHS. The service has just updated to Windows 10 and is working with the UK’s National Cyber Security Centre to enhance patient data protection. 

Still, in order to prevent WannaCry II, and other endpoint malware risks, the NHS has some things to consider, especially as its much-vaunted ‘digital transformation’ picks up speed.

Data accessibility is often the primary concern when it comes to healthcare IT, enabling quick and efficient patient care. Even with data privacy regulations, data defenses are at times a lesser concern if they are seen as a hindrance to care delivery.

That being said, mobile devices, an expansive user base, and the use of internet-enabled medical devices present visibility and threat response challenges.

Sprawling networks, like the NHS's, can be hard to see into, leaving IT security teams without the visibility they need to get ahead of threats. Furthermore, these networks support a variety of endpoints of varying security, from guests and patients to visiting professionals and staff bringing in their personal mobile devices.

However, healthcare, like other industries, is taking advantage of technology, and it’s more important than ever that healthcare bodies take the right steps to innovate securely.

The use of new remote and online services and the advent of the IoT, including the application of connected devices from medical dispensers to patient monitoring devices, is going to add untold new levels of functionality when it comes to healthcare: hospitals will become more efficient, patients will experience higher standards of care, diagnosticians will have better access to data and a whole array of diseases will be treated in new ways.

This development comes with new challenges too, as the remote and online services that allow healthcare professionals to administer care remotely, and patients to be looked after from the comfort of their own homes, are crucial to the swift sharing of data, which the healthcare environment so prizes.

As many in the security industry already know, these kinds of solutions can be dubious and are often insecure. Mobile applications, medical websites and seemingly benign healthcare support systems can often provide easy ways for an attacker to get their hands on access credentials, steal sensitive patient data and exploit healthcare networks.

The possibilities grow when it comes to the IoT, a potent example of which was exhibited in 2011, when researcher Barnaby Jack showed how an IoT insulin pump could be exploited to harm and even kill its diabetic user.

This was merely an introduction; new vulnerabilities in medical devices are still being unearthed. These technologies are going to carry healthcare to fantastic new heights. But it's not without risk; cyber threats endanger efficiency in an environment where accessibility to patient data and the proper functioning of medical devices could literally mean the difference between life and death.

With the adoption of groundbreaking technologies, there are few industries that are positioned to gain or lose so much as healthcare. 

The implementation of an SOC is a firm step in the right direction for the NHS, but it must provide the visibility and secure access required for a massive operation like the NHS. 

That starts with visibility. This SOC must get a handle on any and all assets on its network, including guests, patients and contractors, and especially the thousands of IoT and remote access endpoints that will doubtless be a part of it in the near future.

It also means establishing how those endpoints are authorized to access and use network resources, and which applications and data they are allowed to use.

From there, layered security and secure access will prevent one chink in a network's armour from becoming fatal. If a doctor’s smartphone is to be allowed to access network resources and data, then secure access solutions can ensure proper security configuration, including making sure that connectivity is protected.

If that doctor’s smartphone or tablet is compromised or lost, for example, then secure access solutions can wipe the sensitive data from the device. Moreover, whether a staff member is using their personal device or an organization-issued computer, the secure access technologies can ensure the same policy, for security checks and required protection mechanisms, is in place.

It must be possible to invoke these safeguards while still enabling the seamless access to data that healthcare professionals and providers so desperately require.

None of this is a small job in an institution as large as the UK’s National Health Service, but as healthcare leverages innovation and delivers broader, connected healthcare services, visibility, security checks across connected users and devices, and automated threat response will be vital to ensure network health and mitigate malware infection risks.