NHS weathers cyber crime storm during pandemic, says NCSC
The National Cyber Security Centre (NCSC) has responded to almost 200 cyber security incidents related to the UK’s Covid-19 coronavirus pandemic response during the past eight months, 28% of all the events it has investigated in the past 12 months, and supported 230 victims of Covid-19-related incidents, a significant number of them impacting the healthcare sector, and the NHS specifically.
In its newly published annual review – the fourth produced by the NCSC since its inception – the organisation reflected on the dramatic increase in cyber security threats in what its chief executive Lindy Cameron described as a year of two halves that saw it pivot rapidly to Covid-19 response, particularly in support of the NHS.
“This review outlines the breadth of remarkable work delivered by the NCSC in the past year, largely against a backdrop of the shared global crisis of coronavirus,” said Cameron, who took up her post in September, succeeding Ciaran Martin.
“From handling hundreds of incidents to protecting our democratic institutions and keeping people safe while working remotely, our expertise has delivered across multiple frontiers,” she said. “This has all been achieved with the fantastic support of government, businesses and citizens and I would urge them to continue contributing to our collective cyber security.”
During the pandemic, the NCSC has shared more than 160 instances of high-risk and critical vulnerabilities with the NHS, scanned over a million NHS IP addresses to detect security weakness, shared 51,000 indicators of compromise (IoCs) with the health service, performed threat hunting on 1.4 million NHS endpoints, and rolled out its Active Cyber Defence (ACD) service to 235 frontline health bodies. It also assisted the Centre for the Protection of National Infrastructure (CPNI) on the secure build of the UK’s seven Nightingale hospitals.
NHSX CEO Matthew Gould said: “The NCSC’s support during a time of unprecedented pressure on the NHS has been invaluable. The close working between NHSX, NHS Digital and the NCSC has let us have the maximum impact improving the NHS’s cyber resilience with minimum burden on the NHS frontline.”
The NCSC’s review also detailed some of its work in securing the controversial NHS Covid-19 app and the NHS Test and Trace programme, taking into account factors such as security best practice, transparency and openness with the general public, and community feedback through a vulnerability disclosure programme run by bug bounty specialists at HackerOne.
More widely, the NCSC’s pandemic response also included new resources to support the transition to remote working, and to help deal with a huge increase in malicious emails and phishing lures ‘themed’ around Covid-19.
Notably, its Suspicious Email Reporting Service (SERS), launched in April at the height of the pandemic’s first wave, has been a runaway success, with 2.33 million reports received from the general public, 22,237 malicious URLs taken down or blocked, and 9,315 scams busted. Members of the public can still report suspicious emails by forwarding them to email@example.com.
Clinton Blackburn, City of London Police commander, said: “Phishing is often the first step in a lot of fraud cases we see. It provides a gateway for criminals to steal your personal and financial details, sometimes without you even realising it, which they can then use to take your money.
“Unquestionably, a vast number of frauds will have been prevented thanks to the public reporting all these phishing attempts. Not only that, but it has allowed for vital intelligence to be collected by police and demonstrates the power of working together when it comes to stopping fraudsters in their tracks,” said Blackburn.
The full report, which can be downloaded from the NCSC (along with specific cyber security guidance covering all aspects of a fit-for-purpose security policy), also covers the NCSC’s work fighting back against some of the other biggest threats of the past 12 months, perhaps most notably ransomware – it saw a threefold increase in ransomware attacks since late 2019.
It also included its work securing the 2019 General Election, particularly around voter registration; its role in the government’s decision to remove Huawei from the UK’s telecoms networks; and its long-running drive to develop a pipeline of diverse new cyber security talent through programmes aimed at young people.