The data of over a million NHS patients across 200 hospitals has been compromised in a ransomware attack on the University of Manchester, confirmed by leaks to the Independent on 29 June.
The private medical records were being collected by the university for its research. It is not currently knowing who, or which organisation, is behind the attack.
The attack follows a worrying trend in the rise of cyber-attacks in the global health sector.
Between 2022 and 2023, the global healthcare sector saw over 11 million ransomware attempts and over 271 million intrusion attacks, according to research by SonicWall, a US cyber security company.
The research found that encrypted threats had risen by 35% and Internet of Things malware by 33% since the beginning of 2022.
Spencer Starkey, vice president of EMEA at SonicWall, told Verdict that companies should be concerned about the recent attacks on healthcare supply chains.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
“Given that ransomware cyberattacks have risen by 112% in the UK over the past year, it’s vital every single business has a robust roadmap in place to deploy if and when an attack happens,” said Starkey.
Businesses who want to be prepared for the inevitable scenario in which an attack happens must have a robust roadmap in place, advised Starkey adding: “The preparation always begins with prevention: layered security systems and updated employee training are basic principles in today’s risky environment.”
Starkey explained that the roadmap must be built around proper procedures in order to identify and contain security incidents as well as “notifying stakeholders and conducting a ‘no-blame post-mortem’ analysis” to identify and fix the issue that meant the attack could happen.
Reassuring people and organisations who might be affected that the company is doing everything possible to resolve an attack is paramount to crisis management in the aftermath of an incident, Starkey added,