
10 Biggest Cyber Threats (and 10 Ways to Tackle Them)

Cybersecurity threats are a growing concern for all modern businesses, but they are especially concerning for modern GP Practices, as they hold a wealth of sensitive patient data, such as names, addresses, birth dates, and medical records. This data can be used for a variety of malicious purposes, such as identity theft, medical fraud, and extortion.

By understanding the latest cybersecurity threats and taking steps to mitigate them, GP Practice Managers can help to protect their patients and their practice.


Ransomware

Ransomware is a type of malware that encrypts a victim's data and demands a ransom payment in exchange for the decryption key. Ransomware attacks have become increasingly common and sophisticated in recent years, and the NHS has been a prime target.

Why it’s dangerous

In May 2021, the Health Service Executive (HSE), Ireland's equivalent of the NHS, was hit by a ransomware attack. The attack encrypted vital files and disrupted services across Ireland. The HSE was forced to pay a ransom of €20 million to regain access to its data.

How to fight back

  • Keep your software up to date. Software updates often include security patches that can help to protect you.
  • Use strong passwords and enable multi-factor authentication.
  • Back up your data regularly. This will give you a copy of your data to restore if you are hit by a ransomware attack.


Phishing

Phishing is a type of ‘social engineering’ attack in which an attacker sends fraudulent emails or text messages that appear to be from a legitimate source, such as a bank or government agency. The emails or text messages typically contain malicious links or attachments that, if clicked, can download malware.

Why it’s dangerous

In October 2022, a phishing attack targeting NHS staff resulted in the theft of personal data belonging to over one million patients. The attackers sent emails that appeared to be from a legitimate NHS source, but when staff clicked on the links, they were taken to a fake website that looked like the real NHS website, where they were tricked into entering their personal information.

How to fight back

  • Be suspicious of unsolicited emails and text messages
  • Do not click on links in emails or text messages unless you are sure they are safe. If you are unsure, hover over the link to see the real URL.
  • Do not open attachments in emails from unknown senders. If you are expecting an attachment, contact the sender to confirm that it is legitimate before opening it.
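
The hover check in the list above can also be run automatically when a reported message is triaged. The added example below (not part of the original article) parses an HTML email body and reports links whose visible text names one site while the underlying href points to another; the sample message, hostnames and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body; portal.example.net is a placeholder host.
SAMPLE_HTML = """
<p><a href="https://portal.example.net/login">https://www.nhs.uk/account</a></p>
<p><a href="https://www.nhs.uk/conditions/">nhs.uk/conditions</a></p>
<p><a href="https://www.nhs.uk/conditions/">NHS health A to Z</a></p>
"""

class LinkCollector(HTMLParser):  # collects (visible text, href) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    """Lowercased hostname without a leading 'www.', or '' if unparseable."""
    try:
        host = (urlparse(url).hostname or "").lower()
    except ValueError:  # e.g. a malformed bracketed host
        return ""
    return host[4:] if host.startswith("www.") else host

def shown_host(text):
    """Host the visible text claims, or '' when the text is not URL-like."""
    if not text or any(c.isspace() for c in text) or "." not in text:
        return ""
    return host_of(text if "://" in text else "//" + text)

def review_links(html):
    """Return (href, reason) for links whose text and real target disagree."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        real, shown = host_of(href), shown_host(text)
        if shown and shown != real:
            findings.append((href, f"text shows {shown}, link goes to {real or 'unknown'}"))
    return findings
```

The comparison is on exact hostnames, so a link to a subdomain of the site named in the text is also reported; that errs toward a manual look rather than a silent pass.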

Supply chain attacks

Supply chain attacks are attacks in which attackers target a third-party vendor that supplies goods or services to the NHS. Once the attacker has gained access to the vendor's systems, they can use this access to attack the NHS itself.

Why it’s dangerous

In November 2020, a supply chain attack targeting the US software company Kaseya affected a number of NHS organisations. The attack exploited a vulnerability in Kaseya's software to gain access, then encrypted data on the affected systems and demanded a ransom payment.

How to fight back

  • Only do business with reputable vendors.
  • Vet all third-party software before installing it.
  • Monitor your systems for suspicious activity and report it to your IT department immediately.

Advanced persistent threats (APTs)

APTs are sophisticated cyberattacks that are typically conducted by nation-state actors or organised crime groups. APTs are often difficult to detect and can remain undetected for months or even years.

Why it’s dangerous

In 2017, the NHS was targeted by an APT known as Dragonfly. The Dragonfly APT is believed to be backed by the Russian government. The APT targeted the NHS in order to steal sensitive data, such as information about new drugs and treatments.

How to fight back

  • Use security monitoring tools to detect and respond to APT attacks.
  • Segment your network to limit the damage that can be done if an APT attack is successful.
  • Educate your staff about APT attacks and how to avoid them.

Human error

Human error is one of the biggest cybersecurity threats to any organisation, including the NHS. Employees can accidentally click on malicious links, open malicious attachments, or reveal sensitive information to attackers.

Why it’s dangerous

In 2019, a human error at a hospital in the UK resulted in the accidental disclosure of the personal data of over 1,000 patients. The error occurred when a staff member accidentally sent an email containing the patient data to a distribution list that included people outside of the hospital.

How to fight back

  • Educate your staff about cybersecurity best practices (see above examples).
  • Implement security controls to mitigate human error. For example, you could use a web filtering solution to block malicious websites.

Unpatched software

Unpatched software is software that has known vulnerabilities that have not yet been fixed. Attackers can exploit these vulnerabilities to gain access to systems and data.

Why it’s dangerous

In 2020, a vulnerability in the NHS's electronic patient record system was exploited by attackers to gain access to the systems of a number of NHS organisations. The vulnerability had been known about for months, but the NHS had not yet patched it.

How to fight back

  • Patch your software regularly.
  • Prioritise patching critical systems and applications.
  • Use a patch management solution to automate the patching process.

Weak passwords

Weak passwords are easy for attackers to crack, giving them access to systems and data.

Why it’s dangerous

In 2018, it was revealed that a number of NHS staff were using weak passwords, such as "password123" and "qwerty." This made it easy for attackers to crack their passwords and gain access to NHS systems.

How to fight back

  • Use strong passwords. A strong password is at least twelve characters long and includes a mix of upper and lowercase letters, numbers, and symbols.
  • Do not reuse passwords across multiple accounts. If one account is compromised, attackers could use your password to gain access to your other accounts.
  • Use a password manager to help you create and manage strong passwords.

Poor security practices

Poor security practices, such as not using multi-factor authentication or not regularly backing up data, can make the NHS more vulnerable to cyberattacks.

Why it’s dangerous

In 2019, a report by the UK's National Audit Office found that the NHS had a number of poor security practices, such as not using multi-factor authentication and not regularly backing up data. These poor practices made the NHS more vulnerable to cyberattacks.

How to fight back

  • Use multi-factor authentication (MFA) on all of your accounts. MFA adds an extra layer of security by requiring you to enter a code from your phone in addition to your password when logging in.
  • Back up your data regularly.
  • Implement security policies and procedures. This will help to ensure that your staff are following best practices and that your data is protected.

Insider threats

Insider threats are threats posed by employees or contractors who have authorised access to NHS systems and data. Insider threats can be intentional or unintentional, but they can all be very damaging.

Why it’s dangerous

In 2020, a former NHS employee was jailed for stealing the personal data of over 100,000 patients and selling it to criminals. The employee had used his access to NHS systems to download the data and then transferred it to his own personal devices.

How to fight back

  • Screen potential employees carefully. This includes performing background checks and checking references.
  • Implement security controls to limit employee access to sensitive data. For example, you could use role-based access control to only give employees access to the data they need to do their jobs.
  • Monitor employee activity for suspicious behaviour and report it to your IT department immediately.

The increasing complexity of the NHS IT environment

The NHS IT environment is becoming increasingly complex, with more devices and systems being connected.

Why it’s dangerous

This complexity can make it difficult to secure the entire environment, and gives hackers ways in to cause damage.

How to fight back

  • Implement a layered security approach. This means using a variety of security controls, such as firewalls, intrusion detection systems, and endpoint security solutions.
  • Segment your network to limit the damage that can be done if a security breach occurs.
  • Use a security information and event management (SIEM) solution to centralise and analyse security logs.