Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Information Security Risks in NHS

Verified

Added on 2020/09/17

AI Summary

The report highlights various information security risks and threats in the NHS, including ransomware attacks, fractured security systems, and personal data theft. It emphasizes the importance of risk management and proposes strategies for addressing these challenges. The report also mentions the role of information security managers in creating awareness and providing training to staff.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Strategic Information
Security

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
INTRODUCTION...........................................................................................................................1
Main body........................................................................................................................................1
Assistance in developing a security program..............................................................................1
Reflection on current roles and titles of the security personnel and suggestions for
improvements..............................................................................................................................2
Plan to make such changes incorporating training requirements...............................................3
Determining if the organisation uses any ISO security standards and provide reasoning which
security model would be more suitable.......................................................................................4
Threat determination ..................................................................................................................5
Risk assessment...........................................................................................................................6
CONCLUSION ..............................................................................................................................6
REFERENCES................................................................................................................................8

INTRODUCTION
Strategic information security can be simply defined as plans of enforcing security in the
organisation. It is a very essential as various threats to information security is occurring day by
day. It prevents access of unauthorised users, usage, revelation, interruption, alternation or
destruction of information (Collier, 2017). The present report is based on the management of
information security for the NHS (National Health Service ). In this project, the development of
a security program on the basis of the size of organisation such as small, medium or large is
explained. The present role and responsibilities of the security personnel is also described here.
Main body
Assistance in developing a security program
It has been seen that the important data of the organisation is being hacked by intruders.
Security programs can be used in NHS for providing protection in order to conserve or secure
those sensitive informations. Corporation can adapt various processes to develop a security
program. Some of the important one are listed below:
 Make security part of company culture : Hackers wants to hack the informations or
details of patients , so hospitals and other health centres are the main targets of them.
These enterprises can adopt such type of norms and values that can provide them
protection and security at the core of operations (Chinthapalli, 2017). By this way, they
can aid workers in keeping a proactive mindset of paying attention to security from the
first day. NHS can use tactics such as mentor program, town halls, professional
improvement for better communication with their staff members.
 Don't treat it as “check the box” : Running through the motion can increase the level of
vulnerabilities of corporations to the faster – developing nature of cyberattacks.
Malicious users are continuously coming up with ingenious plan of actions to penetrate
and crippled the systems. Their hostility can only be full filled by retroactive,
innovational thought geared toward acting a pace ahead (Galliers and Leidner, 2014). It
is essential to know by the enterprise about the what legacy systems are present on their
network and where they might have possible vulnerability. Abstracting legacy systems
from the primary networks would assist in limiting the revealing to attacks.
1

 Teach people the basics : In most of the cyberattacks, involving the very new incident, a
single user can corrupt the whole or complete systems of the organisation by only
opening a wrong email. So, corporation should assure that each and every employee
know how to identify a distrustful email, imperfect documents or files and various other
red flags (Martin, Kinross and Hankin, 2017). NHS should equip their team members
with the primary or fundamental cyber security knowledge and best activities. This will
assist in eliminating different routes or path for malware to penetrate systems.
 Update the systems : Most of the nations and organisations that are influenced by the
Wanna-cry ransomware attack were those that had not modify or updated their operating
systems in a regular time interval. It is now determined that intruders take use of a hole
present in the Microsoft operating systems. Microsoft has been offered a patch to remove
or fight with this exposures few months ago. Even so these attacks are still
overpoweringly effective because of the reason that NHS computer systems were taking
use of a out-of-date version of Windows XP which is 15 years old (O'dowd, 2017). It
does not offer any type of support to the updates of security. Additionally, large numbers
of users in all over the world are failed in proactively updating their system accordingly.
So, NHS should be assured that they are using the updated software and also updating
those software that are out-of -date. They should install security patches on regular basis
and develop a potential response plan to assist in handling of responses of attacks. By
taking all of these steps, NHS can defend the health system effectively from various
large scale attacks. They should also keep researching on the cyberattack as well as
cybersecurity so that they can protect themselves from such attacks.
Reflection on current roles and titles of the security personnel and suggestions for improvements
Hospitality sector requires to act upon information security which is needed to set the
various roles and responsibilities. For this purpose, large number of people are involved who
take part in full - filling the task of security with management structure. In NHS, it is important
to clear about the duties and obligation of each person for maintaining effectual information
practices. Some of the current roles and titles of security personnel are described below:
 Information security manager : I come to know that person at this post has the
responsibility of creating awareness as well as provide training to staffs members (Peltier,
2016). He or she has the duty of developing security policies, aims and their connectivity
2

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

with the goals. They also have to work on the progression of executing security programs
and addressing issues. NHS can improve their duty by giving them more responsibilities.
They should also provided that task of identifying any threats or attacks to the systems.
 Compliance officer : I realised that compliance officer have to develop autonomous
information security programs (Peppard and Ward, 2016). They have to monitor all
security practices. NHS can improve their duty. They have to give the responsibility to
take care that all of other workers are following the norms of heath care security or not. If
not, then it is their task to inform them about adopting the legislation of the security.
 Information technology users : I identified that information technology users have
responsibility to report all of the security incidents to the manager of information
technology. They should ensure that each individual is adopting security procedures.
NHS need to modify their duty. They now also have to check that all of the users are
using updated software in their systems so that no cyberattacks would affect them.
 Operational duties : I think that administrators have to look after the activities of human
resource which are responsible of creating and managing ethics program facility for
allocating resources.
Plan to make such changes incorporating training requirements
The above mentioned improvement can be done by adopting following measures:
 Arrangement of meeting : A meeting should be arranged where all the personnels of
security have to appear. In this gathering, the updated duty is conveyed to all of them so
that they came to know about their additional job.
 Documentation : The duties of each employee should be documented in a file so that it
can be used at the time of requirement.
 Implementation : By the next day, this plan is implemented where roles and
responsibilities of all personnels are executed. It should be assured that every one is
following their obligations and acting as per that.
 Requirement of training : As the work is is being modified, it is important to arrange a
training and development programme where efficient training regarding accomplishment
of tasks are provided to all (Renaud and Goucher, 2011). The training period may be of
four to five weeks. In this session, leaders remain present who teach them how to solve
any issue related to their works. After learning successfully all the duties should be
3

enforced effectively without making any faults (NHS And Private Healthcare, 2017). As
a result, the level of security gets improved in the NHS.
Determining if the organisation uses any ISO security standards and provide reasoning which
security model would be more suitable
Yes, NHS is following the ISO standards. It is international organisation for
standardizations. It is world's largest creator of voluntary international standards. It is very
riskless, tested and quality of goods and services. It assist in minimising waste and increasing the
productivity. It also provides the facility of free and fair international trade. There are different
families or standards of ISO such as ISO 27001, ISO 27002, etc. NHS should use ISO 27001 so
that privacy regulations of HIPAA can be utilised (Stahl and et. al., 2014). It deals with the
health insurance portability and accountability act. It provides guarantee to customers that NHS
has enforced best practices of information security methods. Some of the benefits of using ISO
27001 are described below:
 Gaining a competitive edge : Now a days, competition has been growing rapidly and it
is very difficult to differentiate companies in terms of their services. But after achieving
certification of ISO 27001, the value proposition gets enhanced. This gives unique
differences in comparison to the challengers. It shows that the clients of NHS has
proactive approach towards the threats of information security and the enterprise is taking
use of good practices for minimising those threats. Accession to the international markets
relies on ISO 27001 compliance. This assists in competing with global competitors.
 Ensuring data privacy and integrity : Most of the companies have to maintain privacy
and integrity to data as a priority task because they keep the personal information of their
clients. ISMS (Information Security Management System) act as an effectual way to
insure impressive management of information security and also reduces the risk linked
with breaches of data (Whitman and Mattord, 2011). NHS can implement and manage its
ISMS on the basis of ISO 27001 as it is the most trustable way of storing data and
controlling its access. It also assures the protection of all information assets and therefore
minimises the possibility of legal prosecution and aids in gaining the trust of customers.
Its procedures helps in detecting any incident of security failure and also take action
against that. It also assures the integrity of data with the aids of its access control and
accretion of data.
4

Threat determination
Various threats are present in the NHS and are increasing day on day. Some of the major
threats of the NHS are explained below:
 Ransomware : It is a type of virus whereby hackers used to encrypt the files of
corporation's and then demands a ransom money or some payment for giving them back.
Commonly, the demands are made in Bitcoin which is an electronic currency that is so
loved by dark web. It was only a concern of time before the NHS attacked by
ransomware, at that time US hospitals were under siege for two years. A couple of NHS
trusts had take their systems offline forcefully for dealing with that attack over the winter.
However, there is a good news that system can be protected from this attack by a
combination of defences (like anti-virus, firewalls, etc. ), consumer education and back-
ups. But it is not an easy task to do so (Galliers and Leidner, 2014). It is surely not easy
when any firm is weak regarding security expertise and consist of large number of old
and divided systems to patch and employs thousands of workers having variable degrees
of cyber security understanding.
(Source : Cassius Puodzius, 2016)
 Fractured security systems : It is said that one bad fish destroys the quality of whole
pond. Like that any weak point regarding security in hospitals make them more
5
Illustration 1: How encryption molded crypto-ransomware

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

vulnerable to attacks. Each and every thing from a wireless printer in a drudging clinic
that is left insecure to a physician or doctor who is utilising smart phone for sharing
diagnostic information with their fellow, could generate holes by which an intruder can
jump. These attacks are carried on all the time in NHS (Stahl and et. al., 2014). If these
trusts cannot secure their devices and fractured security system, they have to assure that
any of the malicious user get in could not access the data of their patients. They can take
use of layered security and different firewalls.
Risk assessment
The risk assessment in NHS can be done by taking following steps:
 Organisation can take use of secure firewalls and anti viruses in their system.
 They should update their system on regular interval of time so that it can be protected
from various attacks.
 NHS should also arrange a training programme where all of the workers are provide
information to detect unsecured mails and corrupted links (Collier, 2017). They should
not open those links or emails.
 Formulating and executing a cyber security risk programmes is one of the approach for
NHS for mitigating the risks linked with cyber threats (Chinthapalli, 2017). An effectual
program consist of initiatives for preventing, detecting, responding and learning
measures.
 Cyber security education and consciousness should be tailored as per the roles of jobs and
functioning. For instance, a software developer should provided a different level of
security training in comparison to the clinician.
 Cyber attacks should needed to be handled by particular trained group who will be able to
understand the implications and can respond in an appropriate manner.
CONCLUSION
From the above based report, it can be concluded that there are large number of threats to
information security of NHS. The personal informations of every patients are in risk of being
theft. Hackers or intruders are hacking the systems of organisation and taking the sensitive data
of users from there. This happens as most of the systems in NHS have outdated security software
and due to that those are more vulnerable to threats. In order to cope with those threats and
6

vulnerabilities, different personnels of organisation are provided some responsibilities and
obligations. They have to follow those and help in creating a protective environment in
corporation. For example, information security manager are responsible for creating awareness
in staff and providing training to them. He or she also has the duty of developing security
policies. Various risks occurring in the organisation and ways to handle them are described in
this report. Risks includes ransomware attack, fractured security systems, etc. It can be handled
by taking help special team of risk management.
REFERENCES
Books & journals
7

Chinthapalli, K., 2017. The hackers holding hospitals to ransom. BMJ. 357. p.j2214.
Collier, R., 2017. NHS ransomware attack spreads worldwide.
Galliers, R. D. and Leidner, D. E. eds., 2014. Strategic information management: challenges and
strategies in managing information systems. Routledge.
Martin, G., Kinross, J. and Hankin, C., 2017. Effective cybersecurity is fundamental to patient
safety.
O'dowd, A., 2017. Major global cyber-attack hits NHS and delays treatment. BMJ: British
Medical Journal (Online). 357.
Peltier, T. R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a
digital strategy. John Wiley & Sons.
Renaud, K. and Goucher, W., 2012. Health service employees and information security policies:
an uneasy partnership?. Information Management & Computer Security. 20(4). pp.296-
311.
Stahl, B. C. and et. al., 2014. Critical theory as an approach to the ethics of information security.
Science and engineering ethics. 20(3). pp.675-699.
Whitman, M. E. and Mattord, H. J., 2011. Principles of information security. Cengage Learning.
Online
NHS And Private Healthcare. 2017. [Online]. Available through :
<https://www.perspectiverisk.com/about-you/sectors/nhs-and-privatehealthcare/>.
Accessed on 29th September 2017.
8

1 out of 10

+13062052269

info@desklib.com

Information Security Risks in NHS

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

Cybersecurity: Protecting Home and Office from Cyberattacks

PfSense: A Comprehensive Cybersecurity Tool for Intrusion Detection System

Network Security and Types of Security Threats and Attacks in Information Technology

JP Morgan Data Breach

Information Systems Security: IT Security Fundamentals, Vulnerabilities, and IBM Security Architecture

Ethical Issues in Technology and Hacking