CheckRed Editorial
Securing Healthcare in the Cloud: Key Insights from the Liverpool Cyberattack
As SaaS apps and cloud services become central to healthcare operations, security vulnerabilities also increase. An alarming recent event highlighting the growing risks to healthcare organizations occurred in Liverpool, UK. A cyberattack, executed by the ransomware group INC Ransom, affected four key healthcare institutions.
Breaking Down The Attack
On November 28, 2024, the ransomware group claimed responsibility for stealing data from multiple NHS hospitals, including sensitive patient data, donor information, and procurement data spanning from 2018 to 2024. The breach was traced to unauthorized access through a service shared by two of the organizations. Despite progress in securing the compromised systems, the attack highlights a recurring theme in cybersecurity: healthcare IT systems remain vulnerable due to outdated infrastructure and gaps in security protocols.
How Cloud and SaaS Security Risks Affect Healthcare Organizations
This incident reveals just how dependent healthcare organizations are on cloud and SaaS solutions. Hospitals and healthcare providers are increasingly turning to cloud-based services for storing patient data, managing resources, and streamlining operations. The flexibility, scalability, and cost-effectiveness of cloud solutions are undeniable benefits. However, these systems must be carefully monitored and protected to prevent unauthorized access.
Sensitive Data in the Cloud
Healthcare data is particularly sensitive, including personal health records, treatment plans, and patient history. A breach of this data can not only disrupt healthcare operations but also violate privacy laws such as HIPAA in the US, the UK’s Data Protection Act, or the EU’s GDPR. Data leaks resulting from breaches can also damage a healthcare organization’s reputation and patient trust.
Shared Services Increase the Risk
In the case of the Liverpool breach, the attacker gained access via a shared digital gateway service between multiple hospitals. This highlights a significant security concern: the interconnectivity of cloud and SaaS platforms. As more organizations adopt shared services or collaborate through third-party integrations, the risk of cross-contamination from a single breach increases. If one system is compromised, it may lead to unauthorized access to data across multiple institutions.
Building Stronger Cloud and SaaS Security in Healthcare
Given the growing risks, healthcare organizations must implement several key strategies to enhance cloud and SaaS security:
Multi-Factor Authentication (MFA) and Encryption
Implementing MFA can significantly reduce the chances of unauthorized access to cloud-based platforms. By requiring multiple forms of verification, organizations add a layer of security to safeguard sensitive data. Furthermore, end-to-end encryption ensures that data remains unreadable to unauthorized parties, even if it is intercepted during a breach.
Regular Security Audits and Continuous Monitoring
Regularly auditing cloud-based platforms is essential to identify vulnerabilities before cybercriminals can exploit them. In addition, continuous monitoring of systems is crucial to detect suspicious activity in real time. Healthcare organizations should implement tools that provide 24/7 monitoring, enabling them to quickly identify and respond to potential threats. This proactive approach helps maintain a secure cloud environment and minimizes the risk of a successful attack.
Training and Awareness for Staff
Human error remains one of the most common causes of security breaches. Healthcare organizations must emphasize the shared responsibility model for cloud security, where both the service provider and the organization play key roles. Staff should be trained on secure credential management, including using strong passwords and enabling multi-factor authentication (MFA) to prevent unauthorized access. Additionally, staff should understand the importance of protecting patient data and following security protocols across all systems and devices that access the cloud. This ensures a cohesive approach to maintaining cloud security.
Misconfiguration Management
Misconfigurations are one of the most common vulnerabilities in cloud and SaaS environments, often leading to unauthorized access or data leaks. In healthcare, where patient data is highly sensitive, it is crucial to proactively manage configurations. Healthcare organizations should ensure that cloud storage, databases, and network permissions are set to limit access to only authorized personnel. Regular audits of cloud settings—such as ensuring that storage buckets are not publicly accessible or that security groups are properly configured—are essential. Tools like Cloud Security Posture Management (CSPM) can automate the detection of misconfigurations and provide real-time alerts for immediate remediation. By addressing misconfigurations promptly, healthcare providers can protect sensitive patient data and reduce the risk of costly breaches.
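The two audits named above (storage buckets that are not publicly accessible, security groups that are properly configured) can be sketched as a small offline check. This is an added example, not CheckRed's code or any CSPM product's logic; it assumes AWS-style field names (S3 public access block flags, EC2 security group rules) and runs over a constructed snapshot whose resource names and values are made up.

```python
import ipaddress

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
SENSITIVE_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL", 1433: "MSSQL"}

# Constructed snapshot shaped like S3 GetPublicAccessBlock and EC2
# DescribeSecurityGroups output. Every name and value here is made up.
SNAPSHOT = {
    "buckets": [
        {"Name": "example-patient-records", "PublicAccessBlock": dict.fromkeys(PAB_FLAGS, True)},
        {"Name": "example-procurement-exports",
         "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                               "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
        {"Name": "example-donor-uploads", "PublicAccessBlock": None},  # never configured
    ],
    "security_groups": [
        {"GroupId": "sg-example-web", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
        {"GroupId": "sg-example-db", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5400, "ToPort": 5500,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.20.0.0/16"}]}]},
        {"GroupId": "sg-example-admin", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    ],
}

def is_world_open(cidr):  # True only for the any-address networks 0.0.0.0/0 and ::/0
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def audit(snapshot):
    findings = []
    for b in snapshot["buckets"]:
        pab = b.get("PublicAccessBlock") or {}  # a missing block counts as every flag off
        off = [f for f in PAB_FLAGS if not pab.get(f, False)]
        if off:
            findings.append(("bucket", b["Name"], "public access not blocked: " + ", ".join(off)))
    for sg in snapshot["security_groups"]:
        for rule in sg["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if not any(is_world_open(c) for c in cidrs):
                continue
            # IpProtocol "-1" means all protocols and ports; otherwise test the whole range.
            lo, hi = (0, 65535) if rule["IpProtocol"] == "-1" else (rule["FromPort"], rule["ToPort"])
            hit = sorted(name for port, name in SENSITIVE_PORTS.items() if lo <= port <= hi)
            if hit:
                findings.append(("security_group", sg["GroupId"], "open to any address: " + ", ".join(hit)))
    return findings
```

The port check tests the whole range rather than only the first port, so a rule covering 5400 to 5500 is still reported as exposing PostgreSQL, and a bucket with no public access block at all is treated the same as one with every flag disabled.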
Key Takeaway: A Call to Action for Healthcare Providers
The recent cyberattack on NHS organizations in Liverpool underscores the critical need for healthcare providers to secure their cloud and SaaS platforms. As healthcare systems continue to adopt cloud-based solutions, the risk of cyber threats grows. To effectively mitigate these risks, healthcare organizations should prioritize the use of advanced security tools such as SaaS Security Posture Management (SSPM) and Cloud-Native Application Protection Platforms (CNAPP).
SSPM solutions provide continuous monitoring and control over SaaS applications, helping organizations maintain a secure configuration and prevent unauthorized access to sensitive data. Meanwhile, CNAPP solutions enable comprehensive protection for cloud-native applications, offering visibility across the entire cloud environment, identifying vulnerabilities, and ensuring compliance with industry regulations.
By leveraging these tools, healthcare organizations can better safeguard patient data, comply with regulatory requirements, and ensure uninterrupted care in the face of growing cyber threats. No organization is immune to breaches, and the consequences of neglecting cloud and SaaS security are far too great. Now is the time for healthcare providers to invest in robust security platforms such as CheckRed and adopt a proactive, comprehensive approach to protect both their systems and the trust of their patients.