
Is my healthcare website secure?

The healthcare sector continues to face an increasing number of cyber threats, any one of which can compromise patient data, disrupt critical healthcare services, and cause financial harm to healthcare providers. Whilst the true scale of it remains an enigma, due to continued underreporting across all sectors, 2021 stats from a US cyber company (Herjavec Group) make for stark reading.

• Healthcare provider attacks have more than quadrupled since 2017

• Attacks don’t just steal or encrypt data – they are now targeting internet-enabled medical devices (MRI scanners) and interfering with their productivity

• It is highly likely that cyber-attacks have resulted in deaths and serious injury of patients

• 93% of healthcare organisations had suffered a cyber-enabled data breach over the past 3 years. Two thirds had had 5 or more.

• Most healthcare providers felt ill-equipped to deal with the threat of cyber-attacks against their organisation

The ways that cybercriminals target organisations are many and varied, but health and social care providers increasingly rely on websites and portals to maintain contact with patients and customers. As such, these sites have become a major feature on the cyber vulnerability list. In fact, web applications were the number one vector for data disclosure in the healthcare sector in 2021, according to Verizon.

What is an FSWA and how can it help my business?

The First Step Web Assessment (FSWA) is a service that can directly impact on your website security and help you in the continual fight against cyber criminals. The service itself conducts a light touch assessment of your website’s security setup. It is conducted by a team of trained university graduates within the Cyber Path program, who support the national network of Cyber Resilience Centres.

The current fee for the service is only £180.00 and has been set to reflect the fact that many companies cannot afford to spend huge sums of money to protect their assets. You may even qualify for a further discount dependent on your company’s size and sector.

We will usually look to turn this service round in a few weeks and all we need is your website address (URL) to get going.

Our team use both passive and active reconnaissance techniques to assess your website, looking at how a cybercriminal would identify a vulnerable site. Passive reconnaissance seeks to gain information about your site without actively engaging with it, identifying outdated components and software that has been used to build it. The service then undertakes active reconnaissance through the use of automated scans to identify vulnerabilities not found through the initial tests.

You will then receive a short non-technical report (2-3 pages) to show any risks found on the site. The report will allow you to consider the risk and encourage further discussion with the site's developer/IT/host provider to help bolster your security further.

What should I do now?

Here at the centre, we would recommend that you consider joining our community today as one of our growing number of free core members. You will be supported through implementing the changes you need to make to protect your organisation.

So, take a look at the First Step Web Assessment service and find out what you need to do next to make your business a no-go zone for cyber criminals. If you would like to know more about this or any other service, why not book a chat with us today?

Reporting a live cyber-attack 24/7

If you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), please call Action Fraud on 0300 123 2040 immediately. This service is available 24 hours a day, 7 days a week.

Reporting a cyber-attack which isn't ongoing

Please report online to Action Fraud, the UK's national reporting centre for fraud and cybercrime. You can report cybercrime online at any time using the online reporting tool, which will guide you through simple questions to identify what has happened. Action Fraud advisors can also provide the help, support, and advice you need. Alternatively, you can call Action Fraud on 0300 123 2040 (textphone 0300 123 2050).


The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the East is not responsible for the content of external internet sites that link to this site or which are linked from it.
