The NCSC have raised the threat alert level, meaning there is an increased chance of a cyber-attack targeting UK interests, including the NHS.
In response to this, on 29th April 2022 Cheshire and Merseyside Healthcare and Care Partnership (C&M HCP) held the second annual Cyber Incident Response Preparedness workshop, using scenario-based exercises to test the effectiveness of the Partnership’s Cyber Incident Management Plan. This workshop was organised and facilitated by Gemserv, who are also cyber security partners to C&M HCP and presented a bespoke scenario developed for C&M HCP based on their experience of resolving cyber security incidents throughout the UK’s Critical National Infrastructure, including the healthcare sector.
The objectives of the event were to:
- Increase familiarisation with the C&M HCP Cyber Incident Management Plan.
- Identify of gaps and improvements to the process and plan.
The cyber threat facing C&M and the healthcare sector continues to evolve, and these organisations face a very real possibility of targeted cyber attacks against their web presence and IT infrastructures. Cyber incidents in the healthcare sector, as demonstrated by the WannaCry Ransomware attack in 2017, can have cause widespread disruption and even lead to physical threats, such as cancellation of non-emergency healthcare services whilst cyber incidents are dealt with.
The Cyber Incident Response Preparedness Workshop was developed in line with international best practice guidance for responding to cyber incidents, providing all participants with experience in the identification, containment, eradication and recovery phases of cyber incident response. It is important that all levels of an organisation are given the training to deal with cyber incidents, gaining experience in a ‘safe’ and realistic setting, so that in the event of a real-life attack, C&M HCP can respond in a timely and well structured manor.
Examples of the threat exercises included a complex fast moving ransomware narrative and the consideration of third party supply chain breach. The scenario was progressed through a series of further iterations which took the cyber threat through a number of unexpected twists, although all extremely plausible. Feedback was gathered from participants and numerous stages throughout the exercise to ensure that detailed lessons learnt could be identified and to add to the overall learning gained from the exercise
After the exercises had been completed, questions were posed to the event attendees to identify areas of improvement.
The event was very well received, with positive feedback from several participants. A number of improvements to the existing Incident Management plan have been identified and will be reviewed for inclusion in the updated process. Paul Young, Cyber Resilience Programme Manager of C&M HCP attended the event and stated:
It was an incredibly valuable event and we were very pleased to facilitate it. The lessons learnt will help C&M HCP be more resilient to cyber-attacks, both through prevention and recovery management.