The government defines cyber-facilitated fraud as a ‘deception to make a gain, or cause a loss, in relation to money, services, property or goods, which uses data or access obtained through cyber breaches or attacks’. The most common enabler is reported to be phishing, but others include ransomware, spyware, malware, hacking including online takeovers, and denial of service attacks.
In 2017 the NHS was one of the largest victims of the WannaCry ransomware attack, which affected not only desktops but also medical equipment. Ransomware is malicious software that blocks access to a computer system, typically by encrypting its data, until a ransom is paid or the system is otherwise restored. It has the potential to disrupt patient care, with appointments delayed or cancelled, and in some cases to affect patient safety, as mortality rates can increase. The US Cybersecurity and Infrastructure Security Agency (CISA) has published warnings of credible cybercrime threats to US hospitals and healthcare providers involving TrickBot and BazarLoader malware disseminated via phishing campaigns, which can lead to ransomware attacks and service disruption, as well as data theft.
Health data is perceived to be some of the most sensitive data and now has the potential to be more valuable than banking data on the dark web. In the last few years data thieves have been attracted by the prospect of exploiting medical data because of its value, with medical records reportedly sold on the dark web for up to $1,000. In comparison, details of a credit or debit card can be sold for between $5 and $110. The difference is potentially due to the fact that banking details can be changed once compromised, whereas an individual's health history cannot be altered.
This means the NHS and other healthcare agencies are potentially valuable and profitable targets for cyber criminals, with medical data stolen for extortion or for impersonation and identity theft. Therefore, not only does the NHS have to be conscious of cyber-enabled attacks, including attempts to steal medical data, but also of the potential for stolen data to be used to commit fraud against it. This can take the form of a phishing scam, or of a patient impersonating another in an attempt to gain access to NHS care, including illegally obtaining prescription medication. Impersonation could directly harm genuine patients, as their medical records may come to contain information relating to another individual, potentially causing harm or delaying care. Furthermore, a patient who would have been chargeable but who used the identity of an individual entitled to care without charge leaves the NHS with a financial loss.
The NHSE Cyber Security Operations Centre (CSOC) is responsible for protecting healthcare systems from cyber-attacks 365 days a year. It provides an early warning system for potential threats to the NHS and health sector organisations in the form of cyber alerts. A wide range of threat intelligence feeds are monitored, the intelligence is collated, and alerts are triaged, with dedicated analysts on the team who proactively hunt for threats.
The NHSCFA actively monitors and gathers threat intelligence relating to cyber threats from multiple sources, both from within the NHS and from public and commercial threat intelligence feeds, in order to protect the organisation. We also run an ongoing programme for all our employees to raise security awareness and improve resilience and resistance to cyber threats and attacks.