On Saturday night, BBC’s Casualty showed Holby City’s A&E Department hit by a cyber attack, taking critical systems offline and putting patient lives at risk. But could this dramatisation play out on real-life wards? And how can organisations that provide health care protect from the inevitable risk of a cyber attack?

Could this happen in the NHS?
In 2017, a global cyber attack hit businesses, affecting unpatched computer systems across the world. The attack known as WannaCry, impacted the health service in the UK. WannaCry worked by infecting vulnerable computers and encrypting files, demanding a ransom in order to regain access. Around one percent of all NHS care was disrupted over the course of a week, which translated as 19,000 cancelled appointments and an estimated £92m in total costs.1

The NHS is part of the UK’s critical, national, infrastructure and is therefore a significant target for criminals. WannaCry raised the profile of this risk and organisations are building on their cyber resilience and improving their business continuity plans. As we work hard to protect systems, the threats become constantly more advanced, so it is inevitable that there will be a major cyber attack in the future.

Human behaviour remains one of the greatest threats to Cyber Security, with one of the most likely causes of an attack in any organisation being a member of staff receiving an email with an infected link or attachment, and opening it, thus infecting the entire network. From accessing electronic patient records, to temperature control in operating theatres; the digital transformation that is driving enhanced healthcare delivery must have security built-in.

How can organisations protect themselves?
Cyber resilience is essential to ensure that the digital systems healthcare delivery is dependent on, can continue to support effective patient care. NHS Digital have developed a cyber security support model (CSSM) which will help organisations increase their Cyber Security in line with best practice. The programme helps organisations improve their capability and to become compliant with the Network and Information Systems Regulation, Data Security Protection Toolkit and the well-led section of Care Quality Commission (CQC) inspections.

Cyber Operational Readiness Support (CORS) is one aspect of the CSSM delivered by Templar Executives as specialist suppliers to NHS Digital. The programme promotes holistic cyber security solutions that bring together people, processes and technology. Experts are deployed onsite to NHS organisations to help identify cyber risks and address security critical issues that can have clinical impact and threaten patient safety. Templar also provide GCHQ certified Board-level briefings to Trusts through NHS Digital helping to ensure that non-executive directors and chairs, are able to provide effective governance of this critical issue and support their executive teams to manage the risks and take the essential mitigating actions.

For all organisations, the digital world brings with it a range of Cyber Security threats and vulnerabilities, but for the healthcare sector, the impacts of a successful cyber attack could be particularly devastating. However, as the work by NHS Digital and Templar Executives aims to demonstrate, with appropriate security measures, this risk can be exploited to develop enhanced patient outcomes and care solutions. If health and care organisations want to find out more about how they can be supported to be cyber-ready please contact cybersecurity@nhs.net.

For more information on the services Templar Executives can provide, please direct any questions to cors@templarexecs.com.

1 – https://www.telegraph.co.uk/technology/2018/10/11/wannacry-cyber-attack-cost-nhs-92m-19000-appointments-cancelled