NCC report reveals cyber threats to UK emergency services

NCC Group has published a report delineating the cyber threats faced by UK emergency services.

The report highlights a surge in ransomware attacks, noting a 15% increase in 2024, with 5,263 such incidents recorded. These attacks pose severe risks to blue light services - police, fire, and ambulance - by potentially encrypting systems and compromising their ability to respond efficiently to emergencies.

Foreign intelligence services are increasingly targeting UK Critical National Infrastructure, including emergency services. These attacks often involve espionage, data exfiltration, and long-term infiltration, termed 'pre-positioning', where attackers remain within systems undetected, awaiting the right moment for a large-scale cyber attack.

Emergency services are becoming more dependent on IoT devices and connected health technologies, which introduces additional cybersecurity risks. For instance, ambulance and patient monitoring systems that transmit real-time data to hospitals could face potential hacks, leading to delays in critical pre-hospital care.

Wearable medical devices used by paramedics and NHS staff, such as heart monitors and mobile ventilators, are also vulnerable to cyber attacks. These threats could disrupt device readings or disable crucial equipment. Similarly, smart firefighting equipment, including thermal imaging cameras and oxygen tank monitors, may fail if compromised, jeopardising life-saving operations.

The police and emergency communication systems, which encompass body-worn cameras, ANPR systems, and emergency radio networks, are also at risk of being hacked and manipulated.

Ransomware attacks specifically target emergency services either directly or via supply chains. Cybercriminals often use data theft as leverage, showcasing victims' data on leak sites. The consequences for blue light services can be catastrophic if systems become encrypted and inaccessible, affecting response times to critical incidents.

Data breaches pose another significant threat. Emergency services handle sensitive information, including police intelligence, witness statements, patient records, and emergency response plans. Any leak could expose covert operations, risk informant safety, cause patient privacy concerns, or compromise fire safety strategies.

The report cites incidents such as the 2019 ransomware attacks on the Police Federation of England & Wales and the 2023 supply chain attack on UK police forces, where details including warrant card specifics were compromised. In the same year, UK ambulance services faced disruptions after a cyber attack on their IT supplier forced them to revert to manual dispatch systems.

A 2024 report from the London Fire Brigade noted nearly 340,000 blocked cyber threats, reflecting the scale of attacks on emergency services. The report also details cyber incidents involving Europol data breaches, which underscore vulnerabilities across police agencies both in the UK and Europe.

Key risks also include compromised IT infrastructure, operational disruptions, and exposure of sensitive data due to service provider breaches.

The report concludes by stressing that these cyber threats are not merely hypothetical but pose real-world challenges to the ability of emergency services to maintain public trust and safety. It highlights the need for enhanced cyber resilience to safeguard blue light services from such pervasive threats.