In the light of the recent ransomware attack on London hospitals, the NHS needs to turn to cybersecurity experts to help protect its third-party supply chains. Lola Akanbi, senior security consultant at Protection Group International, explains
In June, a cyber-attack caused serious disruption for hospitals and surgeries in London, with a senior NHS source warning that it may take ‘months’ to resolve. This critical incident, which is believed to have been carried out by the Russian Qilin gang, led to operations being cancelled and emergency patients diverted to other hospitals, while having a significant impact on the delivery of services, blood transfusions and test results. King’s College Hospital, Guy’s and St Thomas’, Royal Brompton and Evelina London Children’s Hospitals were affected, as were other primary care services. With many departments being unable to connect to the main server, hospitals needed to establish quickly what work could be carried out safely. The ransomware attack affected those hospitals partnered with third-part pathology service provider Synnovis, who quickly sent an IT taskforce to assess the incident, while the NHS worked with the National Cyber Security Centre to fully understand the impact. The incident was also reported to the Information Commissioners Office.
Ransomware attacks are a habitual, ever-increasing threat to critical infrastructure. Threat actors will attack any organisation or institution whose cyber defences are not adequately robust. The NHS holds crucial data and therefore it needs to look at supply chain being a real point of vulnerability as it has increasingly been the way into main targets. With budgets reducing and not enough internal support, the NHS needs to turn to cybersecurity consultancies who can provide expertise and training.
The NHS is a massive institution that has a complex network of relationships between its suppliers, vendors and third-party service providers. With supply chain attacks becoming increasingly sophisticated, threat actors exploit the vulnerabilities that appear through the interconnected nature of these supply chains. As institutions become ever-more reliant on digital supply chains, understanding the implications of a supply chain attack is critical for maintaining resilience.
With shrinking budgets, and a lack of internal resources and training, the NHS needs to look at external cybersecurity experts who understand the nature of these threats and can implement the appropriate security measures. They can also implement regular training so that the NHS can better protect itself and its patients from the consequences of a successful supply chain attack. Cybersecurity experts can provide threat intelligence which will allow the NHS and healthcare providers to stay informed of emerging threats and adapt their security strategies accordingly. Additionally, by fostering a culture of security awareness, the NHS can better protect their supply chains and mitigate the impact of a future attack.
