An expanding market in “commercial hacking tools and services” poses an online threat to individuals and companies, as well as at a national level, according to a new assessment by the National Cyber Security Centre (NCSC) released at CYBERUK 2023.
The NCSC warned that the development of cybercrime marketplaces “lowers the barrier to entry” for criminals who might not otherwise have the technical skills to get involved in this kind of activity. It gave the example of malware-as-a-service, which can be bought as a package, “eliminating the need to create and develop the software as well as reducing the knowledge threshold required to operate the malware”.
Whatever the size of your practice or clinic, it’s essential that you take the risk of cyber-attacks seriously. After all, the personal data you hold is highly sensitive, which means the ICO expects you to think carefully about your IT security or risk reputational damage and an eye-watering fine.
Measures like installing security software, keeping software up to date with the latest security patches, maintaining IT security policies, encrypting data and training staff will help ensure your systems are secure, but what about the companies that process your data? As a data controller, you’re responsible for ensuring that third-party providers’ IT security meets best practice standards.
We already go to great lengths to protect customers’ data so it doesn’t fall into the wrong hands:
- Full end-to-end encryption on all our systems
- Resilient enterprise-quality system infrastructure designed to minimise any impact from system failures
- Security by design – we’ve embedded security and data protection into our system and product development process
- Access to services controlled with an industry-standard authentication and authorisation solution
- Compliance with recognised IT security compliance frameworks – we’ve had ISO 27001 certification since 2009 and we’re signed up to the government-backed Cyber Essentials scheme too
- Resilience testing to identify potential security weaknesses and ensure that our platforms are secure, resilient and up to date
- A staff training programme covering information security and data protection, as well as phishing email tests to check awareness
- Data stored on a secure UK-based computing platform with a daily back-up copy as part of our disaster recovery process
- Products and services that help healthcare organisations share information securely, from the Clearing Service to Secure Messaging and file sharing
No one can be complacent about data security – the NCSC warning shows that new threats are emerging all the time – but you can be confident that we’ll always keep pace with the latest tactics of cyber criminals and be ready to repel them on your behalf.