Our first cyber security round-up of 2020 details updates to NHSmail and advice from the National Cyber Security Centre on the use of Windows 7, after Microsoft officially ended support for the platform.

Three-quarters of healthcare organisations suffered a cyber-attack in 2019

New research by data security provider Clearswift suggests that more than three-quarters (67%) of healthcare organisations in the UK have experienced a cyber security incident in the past year.

The research, which surveyed senior business decision-makers within healthcare organisations, found that almost half (48%) of incidents within the sector occurred as a result of introduction of viruses or malware from third-party devices – including IoT devices and USB sticks.

The survey found that further causes of cyber security incidents included employees sharing information with unauthorised recipients (39%), users not following protocol/data protection policies (37%), and malicious links in emails and on social media (28%).

The report once again highlights the serious threat that data breaches and malicious attacks pose to health data in the UK.

Alyn Hockey, VP of product management at Clearswift, said: “The healthcare sector holds important patient data, so it is alarming to see such high numbers of security incidents occurring in the industry.

“The healthcare sector needs to securely share data across departments and organisations in order to facilitate excellent patient care.

“With the proliferation of third-party devices in this process, it’s more important than ever that the industry bolsters its cyber security efforts to reduce the risk of everything from unwanted data loss to malicious attacks and focusses on keeping patient data safe and secure.”

NHSmail updates to improve security and user experience

NHS Digital is updating NHSmail to improve cybersecurity and save some 40,000 manual work hours for staff.

Dan Jeffery, head of innovation, delivery and business operations at NHS Digital’s Data Security Centre, detailed a number of improvements being made to the NHSmail platform around security, identity verification and user experience in a blog post on 6 January.

This includes a system to automate the movement of user accounts between NHS mail organisations that Jeffrey said would lead to “millions of pounds worth of efficiency savings.”

A password synchronisation micro-service allowing users to synchronise their password from the NHS Directory to their local active directory, and behavioural and transactional analysis providing insight into user behaviour, are also in the pipeline.

Jefferey said: “NHSmail is more than just an email service. The system manages the identities of all users within the Microsoft Active Directory in the NHS and allows local administrators to manage accounts within the NHSmail portal.

“Typically, NHS organisations will manage local identities within their own Active Directory and use the NHS Electronic Staff Record for workforce management, including the on-boarding and off-boarding of employees.

“With more than 13,000 health and care organisations in England and Scotland using NHSmail and 64,000 movements of user accounts every month, the burden is real and the security implications relating to identity are acute. But that also means the opportunity for improvement is significant.”

NCSC warns against using Windows 7

The National Cyber Security Centre (NCSC) has warned the public not to use Windows 7 to access internet banking or email applications after Microsoft pulled support for the operating system last week.

NCSC, the public-facing arm of the UK’s GCHQ intelligence service, said that people running the now-outdated Windows 7 to upgrade to Windows 10 in order to avoid possible cyber security attacks.

Microsoft official ended support for Windows 7 on 14 January, meaning computers running the software will no longer receive security and other important updates.

NCSC said in a statement: “The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices,” an NCSC spokesman said.

“We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device, and not to use them for tasks like accessing bank and other sensitive accounts.

“They should also consider accessing email from a different device.”

Almost half of respondents to the latest Twitter poll run by Infosecurity Europe, Europe’s number one information security event, admit they would be completely unaware if a cyber breach occurred in their organisation. The poll was designed to explore incident response, an area that has come under recent scrutiny following Travelex’s response to its New Year’s Eve cyber-attack, which left many of its systems down and impacted travel currency sales.

Poll suggest half of people “wouldn’t know” warning signs of cyber security incident.

Almost half of respondents to a Twitter poll run by Infosecurity Europe admitted that they would be completely unaware if a cyber security breach occurred in their organisation.

In answer to the question: “If a cyber breach occurred, how quickly could you discover it?” 47.6% conceded they simply would not know.

The poll was designed to explore incident response, an area that has come under recent scrutiny following Travelex’s response to its New Year’s Eve cyber-attack, which left many of its systems down and impacted travel currency sales.

According to Maxine Holt, research director at Ovum, this reflects a widespread issue. “Discovering a breach well after the event is usual. Uncovering breaches is not easy, but proactive threat hunting is an approach being increasingly used by organisations.

“Regularly scanning environments to look for anomalies and unexpected activity is useful, but it can be difficult to deal with the number of resulting alerts. Ultimately, effective cyber hygiene involves having layers of security to prevent, detect and respond to incidents and breaches.”

The poll also examined risk insight, asking: “What understanding do you have of your information assets?” A worrying 44.7% revealed they had “very little” understanding, with 30.7% stating they had “some” – and only 24.7% said their grasp was “comprehensive”.

Bev Allen, CISO at Quilter, said: “Many companies don’t know what or where all their information assets are. They may think they do; but if they’re wrong this leaves them vulnerable to breaches. Consistent knowledge of your assets takes effort; you need tools and systems to record what you have, you need people to follow appropriate processes, and you need to search to find out what you don’t know about and where it is. This search must be done regularly.”