Article written by Chris Booth, ITHealth
Across the broad scope of healthcare provision, a common point for discussion is: how do we deliver quality care amidst growing financial constraints, resource limitations, and the expanding demand for digital services?
The healthcare sector increasingly relies on digital capabilities, prompting governing bodies to issue frameworks aimed at establishing consistent standards for cyber resilience across organisations. The Scottish public sector action plan on cyber resilience, for example, emphasises the need for public sector organisations to:
• Assess cyber resilience arrangements
• Identify areas of strength or weakness
• Attain reasonable confidence in adhering to minimum cyber resilience requirements
• Make informed decisions on achieving higher levels of cyber resilience, based on risk and proportionality
To meet these standards, healthcare organisations must implement a range of initiatives, many of which can be supported by effective use of technology – technology that not only offers real-time visibility and risk assurance, but also provides guidance on recommended actions and mitigations.
Despite the lessons learned from the high-profile 2017 WannaCry outbreak, we continue to see healthcare organisations falling victim to cyber-attacks, through exploitation of vulnerabilities and/or inadequate cyber hygiene. Understanding the attack surface is crucial for implementing preventive measures and stopping such attacks occurring.
Effective cyber security and building cyber resilience must start with knowing the IT estate; only from here can we effectively assess the risk. Deploying ‘quick-to-value’ tools can help enormously, such as the ITHealth Dashboard, which utilises Lansweeper deep-scanning technology. It can be up and running within 24 hours, providing accurate and timely insights soon after. Scaling this approach from individual local organisations to a broader health board-wide view enables the correlation of risks across regions. Furthermore, extending this to a nation-wide viewpoint allows the identification of geographical risk, which is something many national strategies are hopeful to achieve.
ITHealth, with Lansweeper, will be participating at the forthcoming FutureScot Cyber Security 2024 event. During a masterclass session at the event, Chris Booth will be exploring the challenges that come with identifying the attack surface and explaining what organisations can do to achieve a holistic, unified risk-based view of all assets.