August 4, 2023
By Dean Hilton - Account Manager, Public Sector
The first connection those in both the healthcare and cybersecurity industries will make when talking about England’s National Health Service (NHS), ransomware and data loss is of course Wannacry. In 2017 the NHS, despite investment and improvement in cybersecurity, was among the many global organizations whose operations were brought to a standstill by Wannacry. This attack highlighted that a cybersecurity solution couldn’t be approached piecemeal. A minimum set of standards needed to be agreed upon and prescribed to the NHS in England as a whole (Wales and Scotland having their own standards which Skyhigh Security can also help trusts to achieve) so that every patient in every trust could be confident in the security of their data. This led to the establishment of the Data Security and Protection Toolkit (DPST).
It’s clear however that even with continued investment and planning, Wannacry wasn’t the last successful attack on the NHS. The pandemic saw a huge rise in attackers taking advantage of lack of information around Covid-19 to create websites, emails, SMS campaigns and more, to steal private health information from members of the public who were already confused and scared. More recently attackers have taken advantage of NHS’s third-party suppliers to get access to the personal and medical data through attacks on the supply chain.
Ransomware attacks on Advanced, the software company providing services to multiple customers including the NHS led to an outage of the 111 non-emergency national services in 2022 among other services. More recently an attack on Capita plc, one of the largest suppliers of outsourcing, consultancy, and professional services to the UK Public Sector, highlighted a multitude of different methods that allowed data to escape the controls of the organization as well as its customers.
Each Trust continues to make its own decisions on how best to invest in technologies that can help perform the important roles that are required every day from all the members of that Trust, including the cybersecurity technologies which protect the infrastructure. The government’s Data Security and Protection Toolkit (DSPT) has been created to help guide the Trusts to making the right decisions with regards to the types of protection needed. It also asks Trusts to find methods to protect themselves in case of a successful breach, looking at cyber insurance, post-infection tracking and minimizing the damage.
Skyhigh Security has been working with healthcare organizations globally, including NHS Trusts to work beyond compliance and towards active threat mitigation. According to the Gartner definition, Security service edge (SSE) secures access to the web, cloud services and private applications. With more organizations moving to web hosted applications, cloud infrastructure and remote working solutions, including remote care, a unified solution is needed to secure all these disparate technologies.
There are several ways that Security Service Edge (SSE) can be implemented, and Skyhigh Security’s SSE solution was built with a focus on protecting customer data. Skyhigh SSE provides real-time data and threat protection against advanced and cloud-enabled threats and safeguards data across all vectors (web, cloud, email, and private apps) and users. Our data-first approach allows Trusts to see how their data is moving, from user to cloud, user to email, and cloud to cloud. We can also help Trusts take control of these movements, applying data protection across multiple vectors where users might make risky choices on sharing data, malicious or accidental. As the solution is integrated it also allows administrators to set up categorization and define policies that are enabled across all services.
DSPT is a useful tool for helping Trusts understand what controls they should be using to protect staff and patient information, and by implementing Skyhigh Security’s data-centric, fully converged SSE solution, Trusts can have confidence that they know where their data is, who is sharing it, and that they can prevent it from falling into the wrong hands.
Please reach out to us through the website www.skyhighsecurity.com or talk to your local technology partners about reviewing an SSE strategy.
Back to Blogs