Of the five most likely global risks expected in 2019, two were data theft or fraud and cyber-attacks. Those statistics are only likely to get worse during 2020. Yet, according to a Research Lab report [1], only a third of healthcare organisations think they are prepared to beat cyber risks.
We're in the midst of turbulent times, which have also had a huge impact on cybersecurity. During the COVID-19 pandemic we've seen changes to the way we work, and a dramatic increase in the use of technology, happen almost overnight when they would normally take decades. Working from home and remote appointments have both been scaled up as an urgent necessity, with serious implications for cyber security.
Leading insurer Beazley [2] reports that the two most common ways of deploying ransomware are phishing emails and breaching poorly secured Remote Desktop Protocol (RDP). RDP enables employees to access their work computer desktops or the company's primary server from home at the press of a button, but that convenience also comes with added risk. The same report highlighted the healthcare sector as the biggest target in 2019.
Unfortunately, remote access has been a boon for cyber criminals, who are targeting employees working from home. Figures from SonicWall [3] show that intrusion attempts are up by 19% year on year. Malware is changing and spreading, ransomware deployment is up, and Office files continue to be leveraged for malicious purposes. The chance of coming under cyber-attack is greater now than ever before.
Prevention and cure
Up to 80% of cyber-attacks can be prevented by undertaking Cyber Essentials [4], the Government-backed cyber security certification scheme that sets out a good baseline of cyber security suitable for all organisations in all sectors. Using Cyber Essentials may help reduce the risk of succumbing to an attack: https://www.cyberaware.gov.uk/cyberessentials/
The scheme recommends that organisations create a cyber incident plan covering breach detection, how to respond, and investigation and internal reporting procedures, so that it can kick into action should the worst happen.
For further advice on the steps to take, see: https://www.ncsc.gov.uk/guidance/protecting-your-organisation-ransomware
So what is a breach?
You can find more information on what constitutes a breach, and how to tackle it, in the Cyber Security Incident Reporting Procedure Guide [5], but breaches can be summarised as:
- Confidentiality breach: unauthorised or accidental disclosure of, or access to, personal data
- Availability breach: unauthorised or accidental loss of access to, or destruction of, personal data
- Integrity breach: unauthorised or accidental alteration of personal data
What to do if you suffer a cyber-attack
Not unlike an A&E department crash team, the Cyber Essentials advice is to assign roles and responsibilities within the organisation so that a team is ready to act as an incident response team in the event of a cyber incident. This team should include technical IT staff, who will need to secure the IT systems in order to contain and assess the damage. Senior managers will need to review what happened and instigate remedial measures to prevent it happening again. Finally, the scheme suggests having a briefed individual who can handle communications with patients and other stakeholders and, if necessary, the media.
The key thing is to act quickly and effectively. There is often a significant time lag between an incident taking place and its being detected: in a report by FireEye [6], the global average was 78 days. This is partly down to the reliance we place on technology. Nothing beats human judgement, which is why it is important to train employees to recognise a suspicious email and report it. Ensure that every individual in your organisation is cyber aware and can recognise the threats.
Depending upon the severity of the breach, the UK Information Commissioner's Office (ICO) and the Department of Health and Social Care (DHSC) will need to be contacted within 72 hours of your becoming aware of the breach. If the breach is likely to result in a high risk to the rights and freedoms of individuals, organisations must also inform those individuals 'without undue delay'.
There is an incident reporting tool available through the ICO.
The ICO has produced a guide, which may be found on its website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/
You must keep a record of any personal data breaches, regardless of whether you need to notify (but don't put any personal confidential information in the record).
Guidance on the management of incidents in line with the data security standards is available here: https://www.dsptoolkit.nhs.uk/Help/29
If you do fall victim to a cyber-attack, you must call and notify your insurer immediately, as a priority.
For the times when prevention isn't enough, cyber insurance can help you in the aftermath of an attack. It can help protect your business against a range of cyber threats and exposures, including cybercrime, data breaches and system interruption.
Technical expertise and real-world claims handling experience can make the difference between suffering a catastrophic loss and getting back online quickly. All of the insurers we've chosen offer a dedicated incident and cyber response helpline. These helplines are available 24/7, so you're able to react to a cyber-attack quickly and effectively.
Professional indemnity insurance is another cover you may require; it deals with any third-party claims arising in the aftermath of a cyber-attack.
References
1. Research Lab report
2. Beazley Breach Report 2020
3. SonicWall, Mid-Year Update: 2020 SonicWall Cyber Threat Report; World Economic Forum, Global Risks Report 2019 (14th Edition)
4. Cyber Essentials
5. CSIRIP (Cyber Security Incident Reporting Procedure Guide)
6. FireEye report