Data and securityCyber SecurityNHS IT leaders fear harm to patients from widespread hacking of confidential data

NHS IT leaders fear harm to patients from widespread hacking of confidential data

Research reveals almost a third of NHS IT decision makers say hackers have infiltrated electronic patient data

New research findings published today show the increasing threat cyber attacks pose to the NHS.

The VMware study, which was co-sponsored by Intel, reveals that almost a third of the IT decision makers in the NHS surveyed expressed certainty that NHS electronic patient data has been infiltrated by hackers, and 80% of those were confident that electronic staff records have also been compromised.

With many NHS trusts struggling to keep pace with the frequency and sophistication of cyber attacks, the research explored security practices amongst IT decision makers at those organisations. Not only did the study reveal a growing threat to patient care and front-line services, it also shed light on the consequences of successful breaches:

  • Nearly two thirds (62%) fear attacks on equipment or facilities could result in patients coming to harm.
  • Over a quarter (29%) have had to cancel or postpone appointments following an incident.
  • A quarter (26%) have had to halt a research project following an incident.

With recently-announced £21m funding to help trusts defend against cyber-attacks such as WannaCry, 70% of respondents admitted more funds need to be spent and more done to address the skills needed to keep pace with increasingly sophisticated threats. Following an attack, 28% of respondents stated they had lost skilled staff, and 38% believe their team lacks the skills to improve cybersecurity infrastructure and strategy.

The study also suggests better education is required for staff and the public around cyber threats:  although the IT leaders surveyed said that hacktivist groups (50%) and individual cyber-criminals (49%) are most likely to leak NHS data, NHS staff (32%) and even patients (30%) themselves weren’t far behind. With many attacks aimed at end user devices, NHS staff are an important line of defence against the cyber threat.

Tim Hearn, Director, UK Government and Public Services, VMware said: “Across the NHS, there are many fantastic examples of IT leaders being incredibly innovative in embracing new technologies to defend their complex infrastructures against cyber-threats. But the NHS is facing an uphill battle in keeping patient data safe against a backdrop of more persistent and diverse threats which increasingly target applications, bypassing traditional security. It needs to modernise its approach and focus on protection from the inside out; this means investing more than the 10% of IT budget on security that it currently sets aside.

“Its leaders are clearly saying two things – that the risk of data breach will have a significant negative impact on patients and the UK as a whole, and that they need more support, investment and skills in remaining secure. A huge part of this is introducing a ‘People, Process and Technology’ approach to security – ensuring that, as well as having the right technology in place, people receive the right training and education to help tackle the threat.”

David Houlding, director, healthcare privacy & security, Intel added: “Cybercriminals today are taking advantage of unpatched systems and unwitting employees with ransomware and phishing attacks, resulting in a record number of breaches worldwide. It is now more important than ever to comply with data protection laws and security standards, know the security posture of your organisation relative to the industry, and proactively remediate gaps to actively address security issues.”

Related Articles

Government’s rapid cloud adoption lacks security (Infographic)

Cloud Computing Government’s rapid cloud adoption lacks security (Infographic)

2w Austin Clark
Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

Cyber Security Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

2w Guest Writer
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

4w Austin Clark
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

4w Guest Writer
Should voice biometrics be central to contact centre security?

Cyber Security Should voice biometrics be central to contact centre security?

4w Austin Clark
NHS Digital launches new data security toolkit

Cyber Security NHS Digital launches new data security toolkit

1m Austin Clark
Five trends shaping the cloud computing space

Cloud Computing Five trends shaping the cloud computing space

1m Austin Clark
Digital infrastructure cyber protection beefed up

Cyber Security Digital infrastructure cyber protection beefed up

1m Austin Clark