Healthcare and Cyber Essentials
Healthcare technology is vital for improving clinical outcomes and for transforming care delivery. However, there are growing concerns about the security of healthcare data and devices. Increased connectivity to computer networks has exposed medical devices to new cyber security vulnerabilities.
Stolen medical information is more valuable than financial data
Health data is attractive to criminals. On the dark web, medical records draw a far higher price than credit card details, and can be worth ten times more than credit card numbers. Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or to file fictitious claims with insurers.
Healthcare providers leak more data than criminal hackers
Personal data breaches of health information are often caused largely by internal issues rather than by criminal hackers. Verizon’s 2018 Data Breach Investigations Report highlights that healthcare is the only industry where internal threats are greater than external threats. 35% of breaches are caused by human error, and some employees abuse their access to systems or data.
Cyber Essentials is a recommended framework
In response, and in the aftermath of the WannaCry ransomware attack in 2017, the National Cyber Security Centre and the National Data Guardian Review recommended that all healthcare organisations achieve Cyber Essentials Plus certification by 2021.
Data Security Standard 9 of the DSP (Data Security and Protection) Toolkit – the compliance standard for cyber and data security for healthcare organisations and their partners – specifies that:
“A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.”
Any organisation that handles health and social care information must use the DSP Toolkit as an assurance framework to evidence that it is practising good data security and that personal information is managed correctly.
Cyber Essentials and the DSP Toolkit
Cyber Essentials Plus certification satisfies multiple conditions of the DSP Toolkit. Achieving certification will prepopulate many of the compliance statements within the online portal, reducing the time and cost needed to demonstrate compliance.
Implementing the Cyber Essentials controls can significantly reduce the risk of prevalent but unskilled cyber attacks. For many organisations, especially those with significant information assets or those exposed to a wider range of threats, Cyber Essentials is a practical component of a comprehensive cyber security posture.