Ethical Hackers to Boost NHS Cyber-Defences
The NHS is spending £20m to set up a security operations centre that will oversee the health service’s digital defences.
It will employ “ethical hackers” to look for weaknesses in health computer networks, not just react to breaches.
Such hackers use the same tactics used in cyber-attacks to help organisations spot weak points.
In May, one-third of UK health trusts were hit by the WannaCry worm, which demanded cash to unlock infected PCs.
In a statement, head of the data security centre at the NHS, Dan Taylor, said the centre would create and run a “near real-time monitoring and alerting service that covers the whole health and care system.”
The centre would help the NHS improve its “ability to anticipate future vulnerabilities while supporting health and care in remediating current known threats”.
NHS Digital, the IT arm of the health service has issued an invitation to tender to find a partner to help run the project and advise it about the mix of expertise it requires.
Security vulnerability manager, Kevin Beaumont, welcomed the plan to set up the centre.
He told the BBC: "This is a really positive move."
Many private sector organisations already have similar central teams that use threat intelligence and analysis to keep networks secure.
Mr Beaumont said: "Having a function like this is essential in modern-day organisations.
"In an event like WannaCry, the centre could help hospitals know where they are getting infected from in real time, which was a big issue at the time, organisations were unsure how they were being infected".
In October, the UK’s National Audit Office (NAO) said NHS trusts had been caught out by the WannaCry worm because they had failed to follow recommended security policies.
View Internet News Archive