UK cybersecurity body ramping up support to shield burdened NHS


Cybersecurity efforts in the UK have been focused on the health industry, as hackers and cybercriminals set their sights on a burdened NHS during the Covid-19 pandemic, a recent report by the Kingdom’s National Cyber Security Centre (NCSC) stated.

“What we’ve done as an organization is really pivot towards the health sector to try and give them the best support we can in thinking about their cyber defense to let them focus on responding to the pandemic,” Lindy Cameron, CEO of the NCSC said.

According to the report, protecting healthcare has been a top priority during the pandemic. 

To achieve this, the NCSC introduced measures including the design of a new back-up service, pioneering discovery tradecraft and deploying analysts to look at NHS threat data. 

This was facilitated by the Department of Health and Social Care (DHSC) signing a “Direction” giving the NCSC consent to check the security of NHS IT systems.

As a result, more than one million NHS IP addresses were supported, over 160 high-risk and critical vulnerabilities were identified and shared, and threat hunting performed on 1.4 million endpoints.

In terms of the NHS support, out of the 723 cyberattacks that occurred within the UK this year, 230 of them were Covid-19-related incidents, representing almost a third of all total cybersecurity breaches. 

The 230 attacks are estimated to have affected almost 1,200 victims that the NCSC has helped deal with during the course of the past year, rendering it the highest number of incidents since the NCSC was established. 

Unfortunately, the number of attacks will continue to rise, as technological advancements surge amid the pandemic and as hackers become more ambitious. 

The report also revealed that in July a Russian cyber group thought to be connected to Russian intelligence, targeted organizations involved in coronavirus vaccine development.

“The expertise of the NCSC, as part of GCHQ, has been invaluable in keeping the country safe: enabling us to defend our democracy, counter high levels of malicious state and criminal activity, and protect against those who have tried to exploit the pandemic,” said Jeremy Fleming, Director of GCHQ. 

The nationwide move to remote work also posed a new challenge for the NCSC who saw a large increase in phishing emails. In total, the NCSC responded to more than 200 incidents related to Coronavirus and scanned over one million NHS IP addresses to detect cybersecurity weaknesses.

“The years ahead are likely to be just as challenging, but I am confident that in the NCSC we have developed the capabilities, relationships and approaches to keep the UK at the forefront of global cybersecurity,” Fleming added.

The cybersecurity body was able to roll out Active Cyber Defense services, including Web Check, Mail Check, and protective DNS, to 235 front-line health bodies across the UK, including NHS Trusts to shield them against phishing attacks and other threats.

In parallel, the report highlighted that the NCSC has dealt with three times more ransomware attacks than it did last year as attacks become more targeted and more aggressive; while 260 SMS Sender IDs were blocked due to their suspicion of being used in malicious SMS campaigns with Coronavirus as their theme, such as spoofing legitimate government or healthcare IDs. 

This was in correlation with almost 15,000 Coronavirus-related malicious campaigns taken down by the NCSC and its commercial partner, Netcraft.