NHS Trusts lack cyber-attack protection

NHS Trusts across England do not have adequate training programmes in place to ensure their employees are guarded against cyber threats. This is according to a recent freedom of information request aimed at NHS Trusts in England carried out by Accellion.

The research revealed that while 71 per cent of NHS Trusts questioned acknowledged the use of smartphones or tablets in the workplace, an equal number admitted to having a limited or no training programme in place for how to safeguard organisational information when using these devices. Given the fact that many data breaches are the result of accidental insider leaks or lost/stolen devices, the absence of a formal and recurring training programme is alarming.

The uptake in smart technology is in direct correlation with the increasing number of cyber-attacks in the healthcare sector, where patient data is seen to be of greater value to hackers than financial details when sold on the black market.

When questioned further on cyber security training and programmes, the NHS Trusts also revealed the following:

  • 80 per cent of NHS Trusts supply their staff with a smartphone or tablet in some capacity
  • Organisational information, including patient records, is accessed by staff at 59 per cent of NHS Trusts
  • Close to half (41 per cent) of NHS Trusts questioned rely on the security of their server, encryption, or the goodwill of staff to adhere to an Information Security Policy to ensure patient data is kept secure

Yorgen Edholm, CEO & President at Accellion commented that “with a reported 93 per cent of data breaches caused by human error, the integration of smartphones into the UK health service must be properly managed. Data breaches are continuing at an alarming rate, yet a cybersecurity mindset is still not ingrained at every level of the NHS Trusts. From the latest hire to the most tech-savvy employee, cyber security must be top of mind.

Interestingly, 92 per cent of NHS Trusts questioned plan to incorporate smartphones, tablets or the use of applications to allow employees to access shared content by 2018, as part of the NHS’ paperless initiative.

At present, only 53 per cent of these NHS Trusts provide a secure, enterprise-grade application for the sharing of patient data. However, with the increasing uptake in smart technology this is a figure that must change in order to prevent further cyber-attacks. These findings reveal that as the NHS invests more of its budget in technology, it must invest in both enterprise-grade security solutions and greater training for its employees.