One year on from Advanced attack: NHS Trusts still at risk from third-party attacks   

One year on from the ransomware attack on Advanced, a UK-based software supplier to the NHS, is a good moment to reflect on an incident that took client patient management systems and the NHS 111 service offline. It was a prime example of the risk that both the supply chain and the software supply chain pose to healthcare.

Trevor Dearing, Director of Critical Infrastructure at Illumio, said: “One of the best security models for improving cyber resilience is Zero Trust because it is based on the mantra of ‘never trust, always verify’. The same ethos must apply to the supply chain.”

Trevor believes there are immediate steps Trusts can take to mitigate the potential impact of supply chain attacks and to ensure medical infrastructure remains breach-tolerant and hospitals stay operational even while under attack.

1. Map communications between all systems: Once an attacker has infiltrated an organisation, they will try to move towards the highest-value assets. Identify which systems can communicate with which, and use that map to identify and quantify the risk faced by each asset or application.

2. Gain comprehensive visibility of your environment: A critical step to building supply chain resilience is gaining visibility of all inbound and outbound connections to your suppliers. Visibility lets you establish what normal looks like, so that when an unexpected connection appears, or an unexpectedly high volume of data is transferred, you can detect it with existing SIEM (Security Information and Event Management) technologies and take action.

3. Deploy a strategy of least privilege: For those areas where you have less control, such as your software supply chain, ensure you have good segmentation from the rest of your environment. Implement very restrictive allow list policies and apply controls based on least privilege to govern and restrict access between resources. Stopping unauthorised communication enables an attack to be contained in a single location and prevents attackers from reaching critical assets and services.  

4. Ringfence high-value applications: Take steps to ringfence high-value applications that handle any intellectual property, non-public financial data, legal documents, or sensitive and personal information. Ringfencing shrinks the security perimeter from a subnet or VLAN to a single application.  

5. Don’t neglect the basics: Most risk exposure comes from bad hygiene, bad process and human error. Remember, the attacker only needs to succeed once, so there is no room for error. The best way to reduce risk is through good security hygiene and a defence-in-depth approach, which at a very minimum means regular patching, limiting access to systems and services with known vulnerabilities, and imposing a strategy of least privilege.
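Steps 1 to 3 above, as an added example in Python that is not Illumio's or the article's code: it builds a communication map from flow records (step 1), baselines that map and flags a never-seen connection and an unusually large transfer on a permitted path (step 2), and turns the baseline into an nftables allow-list with a default drop (step 3). The hosts, addresses and flow records are constructed for illustration (a patient-record app server, its database, clinical workstations and a supplier endpoint on 203.0.113.20); the nftables syntax is real, the policy itself is hypothetical.

```python
"""Added example, not code from Illumio or the article: turn flow records
into a communication map, baseline it, flag deviations, and derive an
allow-list policy from the baseline. All flow records are constructed."""
from collections import defaultdict
from typing import NamedTuple


class Flow(NamedTuple):
    ts: int
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int


# Constructed records in a Zeek-like conn-log shape (hypothetical hosts):
# 10.10.1.0/24 clinical workstations, 10.10.2.10 patient-record app server,
# 10.10.2.11 its database, 203.0.113.20 the supplier's support endpoint.
BASELINE_FLOWS = """\
1690000000 10.10.1.5 10.10.2.10 443 tcp 12000
1690000010 10.10.1.5 10.10.2.10 443 tcp 9800
1690000020 10.10.1.6 10.10.2.10 443 tcp 11000
1690000030 10.10.2.10 10.10.2.11 1433 tcp 30000
1690000040 10.10.2.10 203.0.113.20 443 tcp 4000
1690000050 10.10.2.10 203.0.113.20 443 tcp 5200
"""

# Constructed later traffic: a normal workstation request, the supplier
# reaching directly into the database, and a very large upload from the
# app server to the supplier over the normally permitted channel.
OBSERVED_FLOWS = """\
1690090000 10.10.1.5 10.10.2.10 443 tcp 10500
1690090010 203.0.113.20 10.10.2.11 1433 tcp 800
1690090020 10.10.2.10 203.0.113.20 443 tcp 900000000
"""


def parse_flows(text):
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto, nbytes = line.split()
        flows.append(Flow(int(ts), src, dst, int(dport), proto, int(nbytes)))
    return flows


def build_map(flows):
    """Step 1: who talks to whom. Key is (src, dst, dport, proto); value is
    the largest single flow seen on that edge, used as the volume baseline."""
    comm_map = defaultdict(int)
    for f in flows:
        edge = (f.src, f.dst, f.dport, f.proto)
        comm_map[edge] = max(comm_map[edge], f.nbytes)
    return dict(comm_map)


def detect(baseline, observed, volume_factor=10):
    """Step 2: a flow on an edge never seen before is a new connection; a
    flow on a known edge carrying volume_factor times the baseline maximum
    is a volume anomaly (exfiltration over an otherwise permitted path)."""
    findings = []
    for f in observed:
        edge = (f.src, f.dst, f.dport, f.proto)
        if edge not in baseline:
            findings.append({"kind": "new_connection", "flow": f})
        elif f.nbytes > volume_factor * baseline[edge]:
            findings.append({"kind": "high_volume", "flow": f,
                             "baseline_max": baseline[edge]})
    return findings


def allowlist_policy(baseline, table="seg"):
    """Step 3: the baseline becomes an explicit allow list, expressed as an
    nftables script: forward chain with default drop, return traffic for
    accepted connections, then one accept rule per baselined edge."""
    lines = [
        f"add table inet {table}",
        f"add chain inet {table} forward "
        "{ type filter hook forward priority 0; policy drop; }",
        f"add rule inet {table} forward ct state established,related accept",
    ]
    for src, dst, dport, proto in sorted(baseline):
        lines.append(f"add rule inet {table} forward ip saddr {src} "
                     f"ip daddr {dst} {proto} dport {dport} accept")
    return lines


def would_be_blocked(baseline, flow):
    """Whether the allow list alone stops this flow. It cannot stop a volume
    anomaly on a permitted edge; that is what the SIEM detection is for."""
    return (flow.src, flow.dst, flow.dport, flow.proto) not in baseline


if __name__ == "__main__":
    baseline = build_map(parse_flows(BASELINE_FLOWS))
    for finding in detect(baseline, parse_flows(OBSERVED_FLOWS)):
        f = finding["flow"]
        print(f"{finding['kind']:15} {f.src} -> {f.dst}:{f.dport}/{f.proto} "
              f"{f.nbytes} bytes blocked_by_allowlist={would_be_blocked(baseline, f)}")
    print("\n".join(allowlist_policy(baseline)))
```

Run as-is, it reports the supplier-to-database connection as new and blockable by the allow list, and the 900 MB upload as a volume anomaly that the allow list would pass, which is why steps 2 and 3 have to be deployed together. In practice the baseline would be learned over a longer window and reviewed by the application owner before being enforced.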