IT Security
UK NHS Trusts Challenged by Attack Surface Complexities
By Business Wire
Share
New Research by Armis Uncovers Security Blind Spots Over Connected Assets on NHS Trusts
LONDON--(BUSINESS WIRE)--Armis, the leading asset visibility and security company, today released data from a Freedom of Information (FOI) request to U.K. National Health Service (NHS) trusts. The results of the research highlight challenges for NHS trusts due to a lack of visibility and monitoring of all connected assets in their environment and heightened compliance requirements, which they are struggling to meet.
“The introduction of connected assets to healthcare is driving innovation and ultimately improving delivery of care. However, its adoption has expanded the attack surface that now needs more oversight than ever. Specifically for connected medical devices (IoMT), which are hard to keep updated, being able to monitor them and understand their behaviour and risk in real-time is key to ensure safety and comply with the latest regulations,” said Mohammad Waqas, Principal Solutions Architect at Armis.“Real-time insights on everything connected in a Trust’s environment, even third party assets, are key to establishing a resilient security strategy and proactively reducing the attack surface.”
While 35% of NHS trusts stated having an automated system to track all connected assets and 59% said they are updating information on all assets as changes occur, there are still blind spots for effectively reducing risk and ensuring compliance with NHS directives and regulations:
- Connected Medical Devices (IoMT): Fifteen percent of the surveyed NHS trusts acknowledged not tracking IoMT devices and one in five stated they use manual processes or spreadsheets to track these assets. A further 19% of respondents recognise that information on connected medical devices in their inventory system is either not updated at all or only updated annually.
- Internet of things (IoT): One-third of surveyed trusts admitted having no method of tracking IoT devices and 10% said they use manual processes or spreadsheets to do so. A further 18% of respondents recognise that information on IoT devices in their inventory system is either not updated at all or only updated annually.
- Operational Technology (OT): Ten percent of respondents acknowledged that they do not track OT devices in their environment and 17% stated they use manual processes or spreadsheets to track their OT inventory. A further nine percent of respondents said they either do not update the information for OT devices in their inventory at all or do so annually.
These blind spots not only could become the catalyst of an attack, but also add difficulties to compliance challenges for NHS trusts. Complying with regulatory demands starts with knowing what is on the network, which, without adequate automation, can be a heavy lift for an NHS with a shortage of resources.
Thirty-eight percent of respondents admitted that they do not have sufficient staff to meet the demands placed upon them and one in five (23%) trusts said they do not have enough resources to deal with replacing legacy or unsupported medical devices.
When carrying out Data Security Protection Toolkit (DSPT) assessments, trusts note that compiling evidence was the number one difficulty. And, while most trusts (82%) can respond to NHS Cyber Alerts within the requested 48 hours, they struggle to remediate issues within the mandated two weeks encountering challenges on arranging downtime, impact to business as usual and deployment of patches.
“Although the NHS is working hard, the research shows there are still crucial gaps that must be filled when it comes to addressing visibility, automating processes and satisfying compliance requirements. To fill in those gaps and improve the operational effectiveness of NHS trusts, allowing staff to focus on core functions and enabling insights on threat intelligence and clinical device utilisation, the right technology partners need to be brought in to solve multiple use cases and bridge technology gaps,” concluded Waqas.
Recent Armis research identified the top connected medical devices that posed a high risk to clinical environments as nurse call systems, infusion pumps and medication dispensing systems.
For information on how Armis can help address those challenges please email NHS@armis.com or go to https://www.armis.com/nhs/. And, to understand how Armis’ new DSPT specific compliance dashboards and reports can enable simplification of the DSPT process see a 2 minute demo here.
Armis will be attending Infosecurity Europe in London at the Excel Center on June 20-22, 2023 and will be located in booths W20. For more details of what the company has planned at the event or to book a meeting, please visit: https://www.armis.com/infosec-2023/. Join Armis' CTO and Co-Founder Nadir Izrael with a session taking place Wednesday, June 21, 2023 from 1:00pm – 1:25pm titled: The Future of Cyberwarfare: Defending our Critical Infrastructure.
About Armis
Armis, the leading asset visibility and security company, provides the industry’s first unified asset intelligence platform designed to address the new extended attack surface that connected assets create. Fortune 100 companies trust our real-time and continuous protection to see with full context all managed, unmanaged assets across IT, cloud, IoT devices, medical devices (IoMT), operational technology (OT), industrial control systems (ICS), and 5G. Armis provides passive cyber asset management, risk management, and automated enforcement. Armis is a privately held company and headquartered in California.
ContactsRebecca Cradick
Senior Director, Global Communications
Armis
pr@armis.com
First published on Mon, Jun 19, 2023
Enjoyed what you read? Great news – there’s a lot more to explore!
Dive into our content repository of the latest tech news, a diverse range of articles spanning introductory guides, product reviews, trends and more, along with engaging interviews, up-to-date AI blogs and hilarious tech memes!
Also explore our collection of branded insights via informative white papers, enlightening case studies, in-depth reports, educational videos and exciting events and webinars from leading global brands.
Head to the TechDogs homepage to Know Your World of technology today!
Disclaimer - Reference to any specific product, software or entity does not constitute an endorsement or recommendation by TechDogs nor should any data or content published be relied upon. The views expressed by TechDogs' members and guests are their own and their appearance on our site does not imply an endorsement of them or any entity they represent. Views and opinions expressed by TechDogs' Authors are those of the Authors and do not necessarily reflect the view of TechDogs or any of its officials. While we aim to provide valuable and helpful information, some content on TechDogs' site may not have been thoroughly reviewed for every detail or aspect. We encourage users to verify any information independently where necessary.
Tags:
Related News on IT Security
Devo Security Data Platform Attains FedRAMP® Authorization
Tue, Jan 9, 2024
By PR Newswire
Darktrace Appoints Chris Kozup As Chief Marketing Officer
Thu, May 25, 2023
By PR Newswire
Ermetic CNAPP Now Available On Google Cloud Marketplace
Wed, Aug 23, 2023
By Business Wire
Nisos Announces Comprehensive Managed Intelligence Suite
Tue, Apr 4, 2023
By Business Wire
Perimeter 81 Announces Integration With ConnectWise PSA
Wed, Feb 15, 2023
By Business Wire
Trending Business Wire
Tetrascience Collaborates With Microsoft To Advance Scientific AI At Scale
By Business Wire
Veea And Lynxspring Announce Collaborative Strategic Partnership To Accelerate Edge-To-Cloud And Containerization Opportunities
By Business Wire
Wellsky Launches Advanced AI-Powered Tool To Streamline Medication Reconciliation And Enhance Patient Care
By Business Wire
Atmus Launches Advanced Nanonet N3 Filter Media Technology
By Business Wire
Blaize Partners With Alwaysai To Revolutionize Real-Time Insights With AI Edge Computing And Advanced Computer Vision Applications
By Business Wire
Join Our Newsletter
Get weekly news, engaging articles, and career tips-all free!
By subscribing to our newsletter, you're cool with our terms and conditions and agree to our Privacy Policy.
Join The Discussion