The NCSC is working with healthcare groups to make sure hospitals and clinics are safer from cyberattacks, which can cause serious problems for patients. They're sharing information and tools to help everyone stay protected.
Strengthening Cyber Resilience Across the NHS
The UK's National Cyber Security Centre (NCSC) is actively working to enhance the cyber resilience of the National Health Service (NHS) through a coordinated strategy that involves collaboration between government and industry organizations. This initiative is crucial as the NHS increasingly relies on digital systems for its operations, making it a prime target for cyber threats.
Recent incidents, such as the ransomware attack on Synnovis in June 2024, which led to the cancellation of 1,500 operations and appointments, underscore the critical need for robust cybersecurity measures. This attack, linked to the death of a patient, highlights how cyber incidents can have devastating impacts on patient care and safety. Additionally, a ransomware attack in 2022 on Advanced Computer Software Group resulted in the theft of data on tens of thousands of individuals, causing major disruptions to patient referrals and emergency services.
Key Pillars of the NCSC Strategy
The NCSC's strategy to improve NHS cyber resilience is built on several key pillars:
- Active Cyber Defence (ACD) 2.0 Program: Piloting new tools and services to enhance security.
- Software Supply Chain Security: Strengthening the security of software procurement processes through the Software Security Code of Practice, which helps NHS organizations assess the cyber maturity of their suppliers.
- Vulnerability Management: Establishing internal vulnerability disclosure processes for NHS England, NHS Business Services Authority, and NHS Scotland, alongside the NCSC's Vulnerability Reporting Service (VRS).
- Threat Intelligence Sharing: Managing vulnerability disclosures and sharing threat intelligence to improve overall situational awareness.
- Visibility and Defensive Tradecraft: Enhancing technical capabilities to better understand the threat landscape and deploy effective defensive measures.
- Promoting NCSC Tools and Services: Including the Early Warning service, Cyber Action Toolkit, and Cyber Essentials scheme to bolster defenses across the NHS.
Collaborative Efforts and Innovations
Collaboration has been a driving force behind recent improvements. The NCSC has partnered with healthcare organizations to utilize data science tools for understanding and prioritizing supplier cyber risk. This involves analyzing incident history, vulnerability activity, and remediation patterns to inform more proactive security measures. Plans are underway to expand this initiative by integrating data from the NCSC Early Warning service with technical indicators to enhance risk management.
The NCSC has also conducted Threat Hunting Workshops, bringing together cyber analysts from various sectors to tackle real-world threats and develop defensive strategies. These workshops have produced significant insights, including approximately 63 crowdsourced threat hypotheses that contribute to community-led discussions on cybersecurity.
The Importance of Cyber Resilience
The urgency for building resilience within the NHS is underscored by historical incidents, including the WannaCry attack in 2017, which cost the health service an estimated £92 million. The NCSC emphasizes that cybersecurity challenges are too complex for any single organization to tackle alone, advocating for a model of shared responsibility across the healthcare sector and beyond.
The NHS App has also taken a lead in cybersecurity by being the first government-sponsored app to offer passkeys as a login option, setting a precedent for other organizations to follow.
Looking Ahead
As the NCSC continues to expand its initiatives, including ongoing work in External Attack Surface Management (EASM) and deception technology, the focus remains on fostering a culture of collaboration that can serve as a model for other critical sectors. By aligning priorities and sharing insights, the NHS and its partners are paving the way for a more secure future, ensuring that essential healthcare services can operate safely and effectively.
Nicholas W., of the NCSC's National Resilience Directorate, concludes that this collaborative approach not only reduces risk across the NHS but also offers valuable lessons for other sectors facing similar cybersecurity challenges.
The NCSC's coordinated approach is crucial for mitigating risks in the NHS, especially given the increasing frequency of cyberattacks that directly impact patient care.




