Cybersecurity in Healthcare
Technology is transforming how people access and receive health and care services. As a result, cyber security is critical in healthcare to protect against cyber threats, keep sensitive data secure and ensure people can continue to access the healthcare information and services they need. The Lancet has previously reported the main challenges of cyber security in the NHS as:
- Navigating accountability in large organisations
- Clearly defined responsibilities for security and platform preparedness
- The unique heterogeneous nature of the NHS IT landscape
- Under-investment in NHS support services, such as IT and infrastructure
- Increased risk of human error due to a large and multi-skilled workforce
In the last decade, public services have undergone rapid digital transformation, and SIEM tools such as Splunk or MS Sentinel have been implemented in many NHS trusts to ensure security and compliance over this growing amount of sensitive data. However, despite regulatory controls around data privacy, data breaches and ransomware attacks have become a real risk to the NHS’s ability to provide services and keep patient data safe.
SIEM in The NHS
While SIEM tools are widely used for security and compliance purposes, each trust can use them quite differently, and many might have limited or no dedicated cybersecurity teams. Often, cybersecurity falls under the umbrella of a wider ITOps or network infrastructure remit. As a result, management and oversight of the platform become just one of many other responsibilities.
Internal teams are responsible for deploying and maintaining the platform, but the output from the SIEM is used in other parts of the trust, such as risk, audit, data, and compliance departments, which define how the platform is used. It can be hard to build a joined-up picture between the platform itself and what it delivers to the trust.
Setting up and maintaining a SIEM platform presents numerous hurdles:
- Limited understanding of mitigation strategies.
- Time and resource constraints.
- Evolving technology requiring ongoing adaptation.
- Costly inefficiencies and maintenance burdens.
- Need for specialist knowledge on advanced features.