NHS data not as protected as it seems

There's a significant discrepancy between how NHS's digital security is perceived, and how things really are. Those are the results of a new survey by networks and endpoint security firm Sophos, which surveyed 250 NHS-employed CIOs, CTOs and IT Managers.

Of those surveyed, 76 per cent think they're suitably protected against cyber-attacks. On the other hand, 72 per cent say data loss is their biggest concern when it comes to IT security.

They're also saying encryption is extremely important, yet on the other hand – its current level is very low. Only 10 per cent have said encryption is well established within their organisation, while 59 per cent of employees have some sort of email encryption. File sharing encryption is used by 49 per cent of employees, while 34 per cent have encrypted their data stored in the cloud.

Another interesting thing the survey shows is how the NHS is shuffling between cutting costs and innovating – through the use of mobile devices. The Sophos survey says 42 per cent have cited mobile use as the main initiative driving change in the industry.

“This study highlights that NHS organisations still face significant IT security issues and that IT decision makers have work to do to address gaps in their security,” said Jonathan Lee, UK Healthcare Sector Manager, Sophos UK and Ireland. “Failure to take the necessary precautions to keep cyber criminals out, to safeguard data and ultimately to protect patients and staff will continue to cause significant problems for NHS organisations. However, budget cuts and changes to working practices, such as the increase in mobile working, all present significant challenges within the sector.”

Commenting on specific findings, Mr. Lee continued, “It’s no surprise that only 10 per cent of NHS organisations stated that encryption was well established within their organisation. Most have encrypted laptops and USB sticks because they have been mandated to do so, but, currently, that is often where it stops.”