Three steps to improving the security of the NHS

Three steps to improving the security of the NHS

Posted on 26/09/2017
DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

Download our free eBook – “Securing a New Lifeline for the NHS”

##

Against a backdrop of more persistent and diverse cyber threats, the NHS is facing an uphill battle in keeping patient data safe and vital services operating efficiently. 

The WannaCry ransomware attack in May this year, which crippled a number of NHS Trusts, demonstrated the reality of cyber threats and their potential to impact directly on patient services. In the wake of the attack, NHS bosses and the government faced questions over why hospitals had been left vulnerable, and how they can better mitigate the impact when another attack takes place.

As part of its drive to become an increasingly digital organisation, the NHS must demonstrate that it can protect the data that it holds and the systems on which it functions or risk losing the support of the UK public. Our newly published report ‘Securing a new lifeline for the NHS’ explored the views of 100 IT decision makers (ITDMs) across the NHS, revealing some concerning trends and highlighting the need to push security to the top of the agenda. Key insights included:

  • The likelihood that data has already been compromised is high with 80 percent of ITDMs believing that electronic staff records have been compromised, and almost a third saying the same about patient data
  • There is a clear need to dedicate more budget to protecting the NHS’ IT estate, with 70 percent stating that more must be spent on IT security to modernise infrastructure and bolster defences
  • As well as investing more in infrastructure, the NHS also needs to invest in its people – ensuring that they have the skills and capabilities needed to create a secure IT environment, and know how to deal with a cyber attack when it occurs. A worryingly high 38 percent of ITDMs say that their team lacks the skills to improve cybersecurity infrastructure and strategy
  • It’s not just malicious hackers that pose a threat to data integrity, NHS staff (32%) and even patients (30%) themselves were among the most likely reasons to cause a data breach. Responsibility for protecting any organisation no longer lies solely with the IT team but sits with anyone that interacts with data and devices. In an increasingly data-driven and digital care environment, the means pretty much everyone needs education on the role they have to play

It’s an incredibly tough challenge, but we believe there are a few keys steps that NHS organisations can take to improve their approach to cybersecurity.

Smart investment in the right technologies – analysis following WannaCry revealed many NHS trusts were using obsolete systems, while others had failed to apply recent security updates which would have protected them. Reports suggest that around 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system – which was a major contributing factor in enabling the spread of the ransomware attack.

The incident raised awareness of the need for the NHS to modernise its approach to IT security and focus on protection from the inside out; this means investing more than the 10% of IT budget on security that it currently sets aside. To mitigate the immediate risks with cyber security, the government must work closely with the NHS to move from unsupported operating systems, including Windows XP, and focus on implementing a security-first culture.

Foster innovation and modernisation through skills investment – as well as investing in updated infrastructure, more needs to be done to address the skills needed to keep pace with increasingly sophisticated threats. The NHS needs to invest in its staff by identifying areas for improvement and providing them with the necessary training or support.

This could take the form of programmes that encourage innovation and best practice sharing to equip the workforce with the skills necessary to combat today’s threats, and funnel digital talent to where it is most needed.

Educate staff and public about their role in fighting the cyber threat – seeing over a million patients every 36 six hours makes the NHS an unbelievably fast-paced environment. It’s no surprise then that there is a certain amount of human error when it comes to the use of IT systems as part of the care process. Clicking on a dodgy link might seem like a trifling issue, but it’s enough to spread malware throughout an entire organisations’ IT environment. The NHS, as with any organisation, needs to highlight the role that its staff and even the patients play in helping it tackle the cyber threat. It needs to introduce better education campaigns for employees, as well as the wider public, to raise awareness of cybersecurity, from tactics used to key behaviours that can mitigate its impact. Part of this is introducing a more security-conscious culture where all NHS staff play their role in being vigilant against threats and acting accordingly so ensure that when a hack occurs, it can be tackled immediately.

There are many examples of brilliant innovation across the NHS, where Trusts are doing amazing things to protect our data in very difficult circumstances, with shrinking budgets. In order to restore confidence in the NHS’ ability to keep data safe and protect essential front-line services from being crippled by a cyberattack, investment needs to centre on protecting against threats known and unknown and making security a top priority.

By Tim Hearn, Director, UK Government and Public Services at VMware 


Category: Business

Tags: , , ,

Related Articles

Posted on 27/10/2017 by blogsadmin

How the Bank of Georgia introduced new services to customers securely and effectively with VMware

We always proudly share the successes that customers achieve with our solutions. The project, implemented in the Bank of Georgia, is a vivid example of timely and effective interaction. There are 6,000 employees in the Bank and more than 220 of them are in IT department. Its mission is to support customers, investors, employees and […]

2 minute read
Posted on 20/09/2017 by blogsadmin

Guest blog: Clarifying cloud value as the key to cloud service providers’ success

Fresh on the heels of VMworld and our rejuvenated Service Provider network; the VMware Cloud Provider Program, we’re continuing our series of guest blogs from partners. In our latest post, we spoke with Lukas Hrdy, Head of Enterprise Cloud & Platform Services, Tieto Corporation, the largest enterprise cloud service provider in the Nordics, about the […]

4 minute read
Posted on 16/01/2018 by blogsadmin

Carpool Tech Talk – Hands on Labs

Hands on Labs aren’t new, but the way we use them has changed. In the latest Carpool Tech Talk, Rory gets the inside scoop from Andrew Hald, Principal Architect and Senior Manager of Hands-on Labs, on how Hands-on Labs are adding value to our products and our users. ‘The previous team that ran the labs, […]

1 minute read

Comments

No comments yet

Add a comment

Your email address will not be published. Required fields are marked *

*

This site uses cookies to improve the user experience. By using this site you agree to the privacy policy