UK Government Takes Action to Improve Cybersecurity After Ransomware Attack on NHS
The Impact of the Hack
In June, a cyber attack by the Russian group Qilin disrupted healthcare services for thousands of patients registered with big London hospitals. The attack, carried out on Synnovis, a public-private pathology joint venture, highlighted the vulnerability of the digital "supply chains" that serve state institutions. The hack resulted in the postponement of 3,396 outpatient appointments and 1,255 elective procedures at King’s and Guy’s and St Thomas’s hospitals.
Why Cybersecurity is a Growing Concern
The increasing use of private service providers by the NHS, a policy of both Conservative and Labour governments, has created an additional layer of vulnerability. Experts believe that there is a huge gap in the system, as there is no clear regulator for healthcare cyber security that investigates the patient safety impact of cyber security incidents, monitors supplier behavior, and enforces punishments for non-compliance.
The Need for Strengthened Cybersecurity
The big international IT outage on Friday, which left most GP surgeries in England unable to access patient record systems, further highlights the profound impact of disruption to digital services on the NHS. To address these concerns, the UK government has proposed a cyber security and resilience bill, which aims to strengthen cybersecurity rules and reporting requirements.
The Bill’s Key Features
The bill aims to:
- Strengthen cybersecurity rules and reporting requirements for private companies supplying public services
- Resource regulators through potential cost recovery mechanisms
- Widen powers to investigate potential cyber vulnerabilities
- Implement stricter penalties for non-compliance
The Impact on Healthcare
The healthcare sector is a main focus of the proposed bill, which will have a significant impact on it. The government has highlighted how the Synnovis hack in June has so far led to the postponement of outpatient appointments and elective procedures.
Expert Views
Dr Saif Abed, a former NHS doctor and expert in cybersecurity and public health, believes that there is a huge gap in the system. "We don’t have a clear regulator for healthcare cybersecurity that will investigate the patient safety impact of cyber security incidents, monitor supplier behavior and enforce punishments for non-compliance," he said.
Dr Saira Ghafur, lead for digital health at Imperial College London’s Institute of Global Health Innovation, welcomed the bill as a "definite step in the right direction" towards protecting healthcare. However, she emphasized the need for further details to be established, including which regulator would oversee the new rules, how they would be implemented, and what sanctions they would contain if companies failed to use adequate security.
Conclusion
The UK government’s proposed bill is a crucial step towards improving cybersecurity and protecting the NHS from future attacks. As the healthcare sector becomes increasingly reliant on digital services, it is essential that measures are taken to ensure the security and resilience of these systems.
FAQs
Q: What is the proposed cyber security and resilience bill?
A: The bill aims to strengthen cybersecurity rules and reporting requirements for private companies supplying public services, resource regulators through potential cost recovery mechanisms, and widen powers to investigate potential cyber vulnerabilities.
Q: What was the impact of the Synnovis hack on the NHS?
A: The hack resulted in the postponement of 3,396 outpatient appointments and 1,255 elective procedures at King’s and Guy’s and St Thomas’s hospitals.
Q: Why is cybersecurity a growing concern in the healthcare sector?
A: The increasing use of private service providers by the NHS, combined with the lack of a clear regulator for healthcare cybersecurity, has created an additional layer of vulnerability.
Q: What are the key features of the proposed bill?
A: The bill aims to strengthen cybersecurity rules and reporting requirements, resource regulators, widen powers to investigate potential cyber vulnerabilities, and implement stricter penalties for non-compliance.
Q: Will the bill have a significant impact on the healthcare sector?
A: Yes, the bill will have a significant impact on the healthcare sector, as it aims to strengthen cybersecurity rules and reporting requirements for private companies supplying public services.
Q: What is the timeline for the implementation of the proposed bill?
A: The timeline for the implementation of the proposed bill has not been disclosed, but it is expected to be passed into law soon.
Author: www.ft.com