NHS at risk of further major cyberattacks this year, experts warn

Sign up for our free Health Check email to receive exclusive analysis on the week in health

Get our free Health Check email

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Healthcare providers in the UK are at risk of increased cyberattacks, experts have warned, as NHS trusts and 111 services continue to battle a major outage.

Healthcare organisations are already facing more than 700 cyberattacks a week, according to one major cybersecurity provider, while another warned they have seen a huge increase in attacks globally this year.

Deryck Mitchelson, former chief information security officer for NHS Scotland and chief information security officer for cybersecurity provider Check Point, told The Independent the NHS was particularly vulnerable following Covid due to the increasing use of cloud and IT services.

He said the service has got a “much bigger threat landscape now than it had before” and there was likely to be “major cyberattacks” in the near future.

“I think we’ve seen one or two of them, I expect we’re going to have more as the year goes on. This is a wake-up call for the NHS because I expect there will be many more attacks within this year, and going into the next year as well,” the former CISO added.

The warnings come during a widescale cyberattack on a supplier of NHS IT systems, Advanced, which has led to NHS 111 services, GP out-of-hours services and trusts being unable to access patient record system Carenotes since last Thursday.

The provider’s system Adastra is used by 85 per cent of NHS 111 services.

On Wednesday, The Independent revealed NHS staff at a mental health trust have been told they may not have access to patients’ care records for more than three weeks as a result of the attack.

NHS mental health trust chiefs have said they fear the sector is not being prioritised over NHS 111 in terms of fixing the issue.

In an update on Thursday, Advanced said the disruption to its systems was caused by a ransomware incident.

According to reports in the Health Service Journal (HSJ) criminals have issued demands to Advanced following the attack. The HSJ previously reported a warning from NHS England over the threat of cyberattacks from Russia following the onset of the invasion of Ukraine.

In its annual report, Check Point said UK health providers were already experiencing 785 cyberattacks a week, while globally there was a 69 per cent rise in attacks in 2022 compared to 2021.

In May, there were more than 1,000 phishing emails from an NHS IP address using “hijacked” NHS employee emails, it said.

Mr Michelson said there had been an increase in the number of attacks during Covid as those targeting organisations looked for opportunities to attack when services were “distracted”.

He said: “I think the NHS managed to balance digital security along with Covid well, but they’re always looking for chunks of weaknesses.

“I think there needs to be a coordinated plan on investment in security in the NHS to actually shut it off to attacks. It is a critical national infrastructure that needs to at least have the same level of investment, for example, that an energy company would have.”

He warned the NHS was also vulnerable to third-party attacks, which is what has happened with Advanced.

Software provider Kroll also said it had seen a 90 per cent increase in attacks on healthcare organisations globally in the past three months compared to the first quarter of 2022.

According to Kroll, healthcare overtook professional services as the most frequently targeted sector in the second quarter of 2022, accounting for 21 per cent of all cases compared to 11 per cent in the previous quarter.

Laurie Iacono, associate managing director for Cyber Risk at Kroll, said: “It is concerning to see healthcare rise so dramatically up the most targeted industry list, at a time when services are undoubtedly still under pressure as they recover from the strained environment caused by Covid-19.

“Ransomware is always disruptive, but its ability to grind company operations to a halt becomes more significant in an environment where business continuity means saving lives. The legacy of the pandemic can perhaps also be seen in the vulnerability of external remote services.”