We caught up with Julian Wiggins and Nick Roberts from Rackspace Technology to discuss the growing importance of cyber resilience in NHS organisations, and why cyber recovery must now be a core part of that strategy.
If you look at what is happening in the cyber security industry, spending is increasing. Over the last 20 to 30 years, we have put so much focus on attack prevention, “but not enough focus has been put on recovery. IT teams must get it right 100% of the time whereas to compromise an environment an attacker only needs to get right once.”
“Cyber attacks on healthcare organisations are increasing in both frequency and impact. The recent cyber-attack on a supplier to NHS hospitals in London led to over 11,000 outpatient appointments and elective procedures being postponed. This is a stark reminder that it is no longer a question of if, but when,” said Nick Roberts, Rackspace Technology.
With the upcoming Cyber Security and Resilience Bill expected to introduce more stringent requirements, NHS trusts must now look beyond traditional defences. As Nick Roberts noted, “cyber resilience will need to become integrated within each trust’s digital strategy, and there’s a need to start acting now.”
What needs to change
While IT teams are rightly focused on removing legacy technical debt, improving disaster recovery, and maintaining backups, cyber recovery is a distinct discipline. It is about being ready to recover cleanly and quickly after a malicious cyber attack, it is a very different thing to recovering from data loss or a data centre failure.
Julian Wiggins highlights that many traditional recovery methods are designed for non-malicious failures, such as broken connections or hardware faults. “The problem with cyber threats is that malicious code often hides in backup copies. So when you restore it simply reinfects the system,” he explains.
This means organisations need more than just backup their data and put data centre disaster recovery in place. They need isolated recovery environments, confidence that they have clean data copies and a strategy for quickly restoring systems without reintroducing malware.
How Rackspace Technology supports cyber recovery
Rackspace Technology’s Sovereign Cyber Recovery Cloud is built to meet this challenge, delivering a truly UK sovereign solution, not just for data, but for the entire infrastructure and service stack.
“The people are only in the UK, all the infrastructure exists in government-certified data centres, and all the networks we use to traverse the data are solely in the UK,” explained Nick.
To further assure sovereignty and data protection, Rackspace uses Crown Hosting, a joint venture between the UK Cabinet Office and Ark Data Centres. “We’ve chosen to use those data centres to host all of our UK public sector services, because it is the government preferred hosting location,” Nick added.
Rackspace also provides multiple layers of cyber prevention and data protection and tools to proactively identify vulnerabilities, proactively manage risks, and ensure a predictable and rapid recovery. This helps minimise impact on clinical and operational services.
“You hope you never have to do it, but you have to have it in place and ensure it’s regularly tested,” said Nick. “It’s your insurance policy and your proven process of rapid recovery.”
Conclusion: Building resilience, not just defence
Cyber resilience is a multi-faceted problem that requires a multi-faceted solution. As Julian put it, “it’s about understanding the domain better – what can be done easily, what takes effort, and where our investments will provide most protection and value.”
In today’s threat landscape, prevention alone is not enough. NHS organisations must prepare to recover, cleanly, quickly, and confidently, when the inevitable happens. Rackspace Technology’s sovereign cyber recovery solutions are built to help them do just that. To find out more, visit: https://www.rackspace.com/en-gb/industry/uk-healthcare
Join us for our HTN Now webinar, from risk to readiness: cyber resilience in the NHS, 10:00am – 11:00am, 5 November. We welcome Hubert Ametefe, CISO at Bedfordshire Hospitals NHS FT, Mike Fell, director of national cyber operations at NHS England and Julian Wiggins, Healthcare Solution Director at Rackspace Technology. Register here.
