Three steps to improving the security of the NHS

Three steps to improving the security of the NHS

Posted on 26/09/2017
DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

Download our free eBook – “Securing a New Lifeline for the NHS”

##

Against a backdrop of more persistent and diverse cyber threats, the NHS is facing an uphill battle in keeping patient data safe and vital services operating efficiently. 

The WannaCry ransomware attack in May this year, which crippled a number of NHS Trusts, demonstrated the reality of cyber threats and their potential to impact directly on patient services. In the wake of the attack, NHS bosses and the government faced questions over why hospitals had been left vulnerable, and how they can better mitigate the impact when another attack takes place.

As part of its drive to become an increasingly digital organisation, the NHS must demonstrate that it can protect the data that it holds and the systems on which it functions or risk losing the support of the UK public. Our newly published report ‘Securing a new lifeline for the NHS’ explored the views of 100 IT decision makers (ITDMs) across the NHS, revealing some concerning trends and highlighting the need to push security to the top of the agenda. Key insights included:

  • The likelihood that data has already been compromised is high with 80 percent of ITDMs believing that electronic staff records have been compromised, and almost a third saying the same about patient data
  • There is a clear need to dedicate more budget to protecting the NHS’ IT estate, with 70 percent stating that more must be spent on IT security to modernise infrastructure and bolster defences
  • As well as investing more in infrastructure, the NHS also needs to invest in its people – ensuring that they have the skills and capabilities needed to create a secure IT environment, and know how to deal with a cyber attack when it occurs. A worryingly high 38 percent of ITDMs say that their team lacks the skills to improve cybersecurity infrastructure and strategy
  • It’s not just malicious hackers that pose a threat to data integrity, NHS staff (32%) and even patients (30%) themselves were among the most likely reasons to cause a data breach. Responsibility for protecting any organisation no longer lies solely with the IT team but sits with anyone that interacts with data and devices. In an increasingly data-driven and digital care environment, the means pretty much everyone needs education on the role they have to play

It’s an incredibly tough challenge, but we believe there are a few keys steps that NHS organisations can take to improve their approach to cybersecurity.

Smart investment in the right technologies – analysis following WannaCry revealed many NHS trusts were using obsolete systems, while others had failed to apply recent security updates which would have protected them. Reports suggest that around 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system – which was a major contributing factor in enabling the spread of the ransomware attack.

The incident raised awareness of the need for the NHS to modernise its approach to IT security and focus on protection from the inside out; this means investing more than the 10% of IT budget on security that it currently sets aside. To mitigate the immediate risks with cyber security, the government must work closely with the NHS to move from unsupported operating systems, including Windows XP, and focus on implementing a security-first culture.

Foster innovation and modernisation through skills investment – as well as investing in updated infrastructure, more needs to be done to address the skills needed to keep pace with increasingly sophisticated threats. The NHS needs to invest in its staff by identifying areas for improvement and providing them with the necessary training or support.

This could take the form of programmes that encourage innovation and best practice sharing to equip the workforce with the skills necessary to combat today’s threats, and funnel digital talent to where it is most needed.

Educate staff and public about their role in fighting the cyber threat – seeing over a million patients every 36 six hours makes the NHS an unbelievably fast-paced environment. It’s no surprise then that there is a certain amount of human error when it comes to the use of IT systems as part of the care process. Clicking on a dodgy link might seem like a trifling issue, but it’s enough to spread malware throughout an entire organisations’ IT environment. The NHS, as with any organisation, needs to highlight the role that its staff and even the patients play in helping it tackle the cyber threat. It needs to introduce better education campaigns for employees, as well as the wider public, to raise awareness of cybersecurity, from tactics used to key behaviours that can mitigate its impact. Part of this is introducing a more security-conscious culture where all NHS staff play their role in being vigilant against threats and acting accordingly so ensure that when a hack occurs, it can be tackled immediately.

There are many examples of brilliant innovation across the NHS, where Trusts are doing amazing things to protect our data in very difficult circumstances, with shrinking budgets. In order to restore confidence in the NHS’ ability to keep data safe and protect essential front-line services from being crippled by a cyberattack, investment needs to centre on protecting against threats known and unknown and making security a top priority.

By Tim Hearn, Director, UK Government and Public Services at VMware 


Category: Business

Tags: , , ,

Related Articles

Posted on 20/02/2018 by blogsadmin

Partner collaboration: where the digital transformation battleground is won

Jean-Philippe Barleaza shares insights into how VMware’s close partner relationships are enabling businesses to navigate their digital transformation challenges. As entire industries are reshaped by technology, the ability to attract and retain customers has never been more important. Creating an outstanding customer experience at every touchpoint is critical – it’s the new digital transformation battleground. […]

1 minute read
Posted on 26/09/2018 by vmwareemeasmt

Join VMware at Cybertech Europe 2018

It’s almost time for Cybertech Europe again – one of the biggest events in cyber technology outside of the United States. We’re set and ready, will you be there? Here’s your chance to get acquainted with the latest innovations and solutions featured by the international cyber community. The event has a particular focus on networking, […]

1 minute read
Posted on 30/01/2018 by blogsadmin

Paul McSharry’s Elastic Sky Challenge – Hands on Lab

Do you have what it takes to configure a Software Defined Data Center on your first day in the job? Take on the Elastic Sky Challenge and enter the competition to win a GoPro. In this Hands-on Lab experience, created by Paul McSharry, you will take on the role of an IT Practitioner faced with […]

1 minute read

Comments

No comments yet

Add a comment

Your email address will not be published. Required fields are marked *

*

This site uses cookies to improve the user experience. By using this site you agree to the privacy policy