A consultation has opened to explore proposals to increase incident reporting and reduce payments to cyber-criminals, with the aim of reducing the threat posed by ransomware.
The government recognises that whilst “it may seem like a necessary evil to pay a ransom” to end disruption and resume normal services, from a societal standpoint “this only serves to reinforce the business model of the criminal gangs responsible and makes the practice of ransomware more lucrative and widespread”.
Drawing on information held by the Information Commissioner’s Office (ICO), the government notes that ransomware attacks appear to be on the rise, with 511 incidents reported to the ICO in the second quarter of 2023. Whilst the government highlights that this figure is likely to be “limited” due to factors such as underreporting and the “sophisticated nature” of ransomware attacks, it also observes that private sector reporting to the National Crime Agency “indicates the number of UK victims appearing on ransomware data leak sites has doubled since 2022”.
As a result, the Home Office seeks to achieve three main objectives: reducing the amount of money flowing to ransomware criminals from the UK, “thereby deterring criminals from attacking UK organisations”; increasing the ability of operational agencies to disrupt and investigate ransomware attacks by improving intelligence on the ransomware payment landscape; and enhancing government understanding of the threats posed by ransomware to inform future interventions, “including through cooperation at international level”.
The three proposals put forward for consultation are: a targeted ban on ransomware payments for critical national infrastructure (CNI) and the public sector prohibiting any payments being made; a new ransomware payment prevention regime requiring victims to engage with authorities in the event of a ransomware attack and to report their intention to make a payment before sending any money; and the introduction of a ransomware incident reporting regime making reporting mandatory “regardless of the victim’s intention to pay the ransom”.
Whilst the consultation is open to the public, it does state that there is specific interest around hearing from “those who anticipate being required to comply with the proposals”, as well as those in the industry and research sectors.
More information is also provided in the Consultation Options Assessment. The consultation is scheduled to end on 8 April 2025, and responses to the government’s proposals can be submitted through the online survey.
Cyber security across the NHS
NHS England opened a market engagement stage in November, ahead of the NHS Cyber Risk Rating Platform tender, designed to support NHS organisations to “better understand their security posture” and their management of threats that could impact on operations and organisational data.
Barts Health NHS Trust selected Cynerio’s Healthcare Cybersecurity Platform for deployment across all sites, choosing to implement the full suite including network detection and response for healthcare (NDR-H) technology capable of monitoring network traffic and detecting and responding to threats. Within a month, Cynerio reportedly identified more than 9,500 previously unmonitored devices for ongoing monitoring from within the trust.
Join HTN and digital leaders for a panel discussion on cyber security in healthcare scheduled for 26 February, 10:00 – 11:00. In this session, we’ll look at best practices for cybersecurity in healthcare, focusing on some of the key considerations for NHS organisations in their approach to cybersecurity, some of the main challenges in making these organisations cyber secure, and how to overcome those challenges. We’ll consider what elements of health and care pose the greatest cybersecurity risk, looking at common pitfalls and aspects which can be overlooked, as well as issues around legacy systems and aligning them with good cybersecurity practice.