An investigation by Sky News has revealed some worrying stats concerning how the NHS is protecting its data online.
According to the news channel, seven NHS trusts, serving more than two million people, spent nothing on cybersecurity in 2015. Further insight obtained from the investigation includes the fact that the average annual spend for an NHS trust was £23,040, although six trusts spent at least £100,000. In all, 45 trusts were unable to specify their cybersecurity budget at all.
The information was obtained by Sky News using a Freedom of Information request to which 97 trusts responded.
Further investigation found that trusts are increasingly suffering from personal data breaches – the number of breaches rose from 3,133 in 2014 to 4,177 last year – and that cyber incidents are accounting for more breaches, from eight in 2014 to 60 last year.
Security firm Hacker House, which was invited to work on the investigation with Sky News, also revealed some serious flaws in NHS Trust cybersecurity. These included misconfigured email servers and outdated software and security certificates.
Commenting to Sky News, Jennifer Arcuri, co-founder of Hacker House, said: “I would have to say that the security across the board was weak for many factors. Out of date SSLs, out of date software; it was very clear that you could bypass any number of these trusts just by doing the right recon online.
“So, if I was an adversary looking to get into any of these trusts or take advantage or change, manipulate or send communications on behalf of a doctor, I could, just because the information was already there.”
The investigation caps an already troubled few weeks for the NHS when it comes to its digital performance. Two NHS trusts in Lincolnshire were recently forced to cancel operations after a virus infected their computer systems and NHS email was brought to a standstill after a member of staff sent a message to every listed NHS address.
NHS Digital said this was the result of a technical bug in the supplier’s system and was not the fault of an individual member of NHS staff.
Any response from the NHS to the Sky News investigation will be reported here.
Councils are being urged to become more creative in their use of technology and more collaborative with both their citizens and other organisations
Survey reveals councils need to do much more to protect data - with a quarter yet to appoint a data protection officer
Public authorities have been reminded of the need to meet the common Public Sector Network standards
According to an independent study, 90% of organisations will be using data analytics by 2020, despite obstacles of data silos, security and lack of alignment