The NHS has been increasingly targeted by cyber attacks since the coronavirus outbreak, the director of GCHQ has said.
Jeremy Fleming told the Cheltenham Science Festival that GCHQ’s cybersecurity arm, the National Cyber Security Centre (NCSC), had been supporting the health sector after it had been targeted by hackers.
He said that, although the attacks were not any more sophisticated than previous hacking attempts, there were clear efforts being made to access sensitive data linked to the UK’s response to the pandemic, such as vaccine research.
“The reality is that we are seeing attacks on the health infrastructure.
“We do know that, whether it’s states or criminals, they are going after things which are sensitive to us in this regard,” he said.
“So, it’s a high priority for us to protect the health sector, protect, particularly, the race to acquire a vaccine, and there has been quite a lot of publicity around all of that.
“They’re not using particularly different techniques to do it, they’re still looking for pretty basic vulnerabilities in our cybersecurity, they’ll still try and use lures to get people to click on the wrong thing, or will look for vulnerabilities where people aren’t backing up properly, or where they’ve got basic passwords and so on.
“There is a lot of low-hanging fruit, still, in cybersecurity.
“If we all did some of these basic things, then even quite sophisticated state actors would find it hard to come after us.”
He also warned that criminals had seen the Covid-19 outbreak as an “opportunity”, using fear around the pandemic to scare or trick people in sharing personal information.
“We’ve been helping government and helping policing and the National Crime Agency in particular, cope with some of the spikes we’ve seen in serious and organised crime. As it is the case that hostile states can seek to do us harm, cybercriminals have spotted the opportunity from the pandemic,” he said.
“We’ve seen them using Covid-related tactics as lures to try and defraud people, to mount their forms of criminality and cause people harm.”
Mr Fleming revealed that GCHQ had “moved in” to support the healthcare industry early in the pandemic for multiple reasons, including also offering cybersecurity support for the NHS’ contact-tracing app, which remains in development.
“We lent in to advise and help around the creation of the NHS app around COVID, and that’s to make sure that all of our information is as secure as possible, and that the architecture behind the system is really cutting- edge and is protecting the things that we need to do, so that the decisions taken from it are as effective as possible,” he said.
Questions have previously been raised about the security of the app, but Mr Fleming said: “Privacy, security, data protection has been absolutely at the heart of our approach” to its development.
“It has been built in as a fundamental principle, the way in which the app operates, the way in which, with the user’s authority, it shares data so that clinical decisions can be taken, the way in which, long term, the interests of every individual in this country who downloads the app and the data that they provide is treated long term has been treated so seriously from the off, that I would like to provide significant reassurance on that.
“I think it’s also equally important that we continue to be as transparent as we can be about that as a nation,” he added.
Asked about the increase in time people are spending with digital devices during lockdown, the GCHQ director said it was right to embrace technology, but the public needed to remember good cybersecurity practice in order to stay safe.
“The reality is, you can do most things from home, for most people, you don’t need to worry about it very much.
“But you do have to make sure that some pretty basic cyber hygiene disciplines are in place to protect your information,” he said.
“Then, you can fill your boots with everything that this technology can bring.
“It really is enabling, and our message in GCHQ and from the NCSC is that these technologies are here to enable us, they’re brilliant at doing that, so let’s do it, but let’s try and do that as safely as we can.”