The UK government has unveiled a new cybersecurity strategy to protect the NHS and social care sector from increasing cyber threats. However, the strategy, while a step in the right direction, lacks the substance and detail seen in other national directives. The strategy is built on five pillars: focusing on the greatest risks, defending as one, people and culture, building security for the future, and emphasising effective recovery and response. It recognises ransomware and supply chain attacks as significant threats and encourages organisations to consider supply chain vulnerabilities when developing their security infrastructure.
However, the strategy has notable omissions. It fails to mention specific technologies or security practices that organisations should adopt to proactively address these challenges. It doesn’t mention Zero Trust, a proactive security model that is fundamental to achieving cyber resilience and mitigating ransomware threats. The strategy also does not outline measures related to securing cyber-physical systems, notably IoT and IoMT networks, which are increasingly becoming targets for ransomware attacks.
The strategy aims to achieve resiliency across health and social care by 2030, a timeline that may be too long given the rapidly evolving threat landscape. The sector needs an immediate push towards cyber resilience, which cannot be achieved with such an extended deadline. The government should set interim and short-term milestones throughout this seven-year timeline and plan for more urgent actions within a 6-24 month timescale. The full implementation plan, expected in the coming months, should include more urgent measures to boost cyber resilience in healthcare.
Source: Silicon UK
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.