Are healthcare organisations finally making a move to the cloud?
It was only a year ago that the global ransomware attack WannaCry was infecting more than 230,000 computers, spanning at least 150 countries. In the UK, we saw the story garner many column inches and public opinion centred on an overwhelming concern about the implications of such an attack and the somewhat muted response of the NHS.
Even though NHS organisations did not report any cases of harm to patients or of data being compromised or stolen, about a third of hospital trusts in England were disrupted and NHS England data showed that at least 80 out of 236 trusts were affected – with 34 infected and locked out of devices (of which 27 were acute trusts), and 46 not infected but reporting disruption. A further 603 primary care and other NHS organisations were infected by WannaCry, including 8% of GP practices (595 out of 7,454).
In the report ‘Lessons learned review of the WannaCry Ransomware Cyber Attack’ released in February 2018, NHS’ Chief Information Officer for Health and Social Care William Smart explained that the work of a cybersecurity researcher, who activated a ‘kill-switch’ on the evening of Friday 12 May, had the effect of stopping WannaCry infecting further devices. Without this intervention, it is likely that the impact that WannaCry had on services would have been even greater.
But a question still remains, is there anything else that could’ve been done to avoid the incident, mitigate the risk of sensitive data falling into the wrong hands, and quickly recover from such an attack? The answer could be the cloud.
Is data more secure in the cloud?
After your data has been encrypted by a ransomware, recovering it is almost impossible, thus, investing in prevention seems to be the securest solution. The first step would be creating secure backups of sensitive data on a regular basis. Keeping in mind that in case of a ransomware attack you need to physically disconnect the storage device to avoid it being infected, it would be best to keep your data backed up in the cloud rather than on-premises.
In an ideal world, the best solution would be to be warned early enough, so you can quickly isolate a ransomware infection and recover important data before the entire network is affected. Some CSPs have enhanced their solutions, for example here at iland we now offer deep packet inspection, encryption, antivirus, anti-malware scans, and integrated reports for compliance and regulatory audits.
These services can include:
- vulnerability scanning
- monitoring of changes to critical files and application control which helps limit or block network access for certain applications firewall event
- identification and prevention of DDOS and other cyber-attacks
- web reputation monitoring and control
- proactive quarantine of known viruses and malware
It is important here to outline that, when confronted by a ransomware attack, your weakest links in the security chain are your endpoints, so users’ devices must be protected with AV protection, regular backups and anomaly detection.
- 69% of healthcare providers plan to move more data to the cloud
- Microsoft releases new health solutions utilising cloud tech
- Salesforce launches its new Health Cloud solution
DRaaS, the ultimate prevention?
While the public opinion was primarily concerned about the consequences of WannaCry’s encryption of NHS patients’ data files and medical systems, what actually caused most damages was the downtime. Moreover, even though a simple backup will let you restore your production database, this will take much more time than a DRaaS solution.
DR is a system of replication combining software and the cloud designed to minimise downtime. It creates a copy of the VM at a secondary location and can fail-over in seconds or minutes. Instead of simply having backups, DR allows organisations to devise a recoverability strategy for when a disaster strikes enabling them to failover production systems and get the organisation back up and running quickly.
DRaaS involves the engagement of a cloud service provider that facilitates some or all the recovery process and hosts the replicated systems in their cloud. DRaaS provides more beneﬁts to healthcare organsiations than secondary sites by providing geographic diversity and the support of an engaged third party to help in an emergency.
Has it convinced healthcare organisations?
While consequences could have been much worse, healthcare organisations became more conscious of the importance of having robust security. This is when cloud computing was looked at as a one of the best threat response strategies. The automation that can be applied to the cloud and the scalability of its monitoring and threat detection means that it’s easier to detect and manage incidents. In terms of security, it shows a proactive process that allows organisations to manage incidents more effectively and enhance malware prevention.
Earlier this year, the Secretary of State for Health and Social Care, Jeremy Hunt, signed off on the first official guidance aiming to help the UK’s National Health Service moving to cloud. The cloud will help them to provide reliable disaster recovery, support for agile deployments, and a freedom from maintaining hardware. However, many seem to still be resistant to this move due to compliance concerns.
Whether it’s identifying and implementing the proper controls in the cloud, passing an audit on cloud resources, or keeping up with changing regulations, IT departments in healthcare firms often don’t have the time or resident expertise to confidently solve the cloud compliance problem.
However, they don’t have to do it alone. Here at iland we have brought together cloud, security, and compliance into one, seamless platform, enabling organisations to get access to the security controls required by HIPAA, the reports needed to complete an audit, and the support from in-house Compliance teams, to answer any questions.
Healthcare organisations should be urged to embrace the cloud, not only because it is an opportunity to reduce cost, but also because cloud technology stimulates innovation, offers greater security and easier scalability than traditional solutions.
Skin Analytics wins NHSX award for AI skin cancer tool
An artificial intelligence-driven tool that identifies skin cancers has received an award from NHSX, the NHS England and Department of Health and Social Care's initiative to bring technology into the UK's national health system.
NHSX has granted the Artificial Intelligence in Health and Care Award to DERM, an AI solution that can identify 11 types of skin lesion.
Developed by Skin Analytics, DERM analyses images of skin lesions using algorithms. Within primary care, Skin Analytics will be used as an additional tool to help doctors with their decision making.
In secondary care, it enables AI telehealth hubs to support dermatologists with triage, directing patients to the right next step. This will help speed up diagnosis, and patients with benign skin lesions can be identified earlier, redirecting them away from dermatology departments that are at full capacity due to the COVID-19 backlog.
Cancer Research has called the impact of the pandemic on cancer services "devastating", with a 42% drop in the number of people starting cancer treatment after screening.
DERM is already in use at University Hospitals Birmingham and Mid and South Essex Health & Care Partnership, where it has led to a significant reduction in unnecessary referrals to hospital.
Now NHSX have granted it the Phase 4 AI in Health and Care Award, making DERM available to clinicians across the country. Overall this award makes £140 million available over four years to accelerate the use of artificial intelligence technologies which meet the aims of the NHS Long Term Plan.
Dr Lucy Thomas, Consultant Dermatologist at Chelsea & Westminster Hospital, said: “Skin Analytics’ receipt of this award is great news for the NHS and dermatology departments. It will allow us to gather real-world data to demonstrate the benefits of AI on patient pathways and workforce challenges.
"Like many services, dermatology has severe backlogs due to the COVID-19 pandemic. This award couldn't have come at a better time to aid recovery and give us more time with the patients most in need of our help.”