An Indirect Hit
The NHS, or National Health Service, is the publicly funded healthcare system for the United Kingdom. They are supported by Advanced who is a managed service provider (MSP). Healthcare companies often outsource their IT departments to other companies to manage the cybersecurity and technical aspects of the business. This allows them to focus on patient care. You’ll find similar or familiar setups for healthcare companies that are based in the United States as well.
Advanced oversees the NHS 111 phone and online-based service that dispenses urgent medical advice. It is similar to the US emergency 911.
A recent cyberattack at Advanced disrupted NHS services. They (Advanced) have had to take part of their network offline to contain the suspected incident, and this has affected some health customer applications that the MSP hosted. That includes aspects of the NHS 111 emergency service. The technical issues have allegedly forced the call operators to revert back to a pen and paper system.
While Advanced issued the following statement, “early intervention from the Incident Response Team “contained this issue to a small number of servers without our vast infrastructure limiting the impact.” The fact remains that it could have had potentially life-altering repercussions for NHS patients. Advanced’s COO Simon Short confirmed the breach “We can confirm that the incident is related to a cyber-attack and as a precaution, we immediately isolated all our health and care environments”
Why It Matters
In the United States, healthcare businesses tend to focus their efforts on HIPAA compliance. And this is of the utmost importance. But patient care includes ensuring that your business is protected with a strong cybersecurity program as well. If you are an MSP that works with healthcare clients, or a healthcare business that hires out your IT services, you need to have a conversation about cybersecurity. What are you doing to protect patient data as well as protect your business? The relationship is far more integrated than you might realize. This is not merely a monthly service to invoice, but an intertwined effort at maintaining patient security and privacy.
Not taking cybersecurity seriously can lead to the failure of one and possibly both of your businesses. Have the conversation now with HIPAA Secure Now, so that you don’t have to have the conversation later with your clients and patients telling them that you didn’t do enough to keep their information safe. We have options for healthcare clients and their MSPs, let’s talk today!