Three steps to improving the security of the NHS

Three steps to improving the security of the NHS

Posted on 26/09/2017 by blogsadmin
DISCLAIMER: this article is older than one year and may not be up to date with recent events or newly available information.

Download our free eBook – “Securing a New Lifeline for the NHS”


Against a backdrop of more persistent and diverse cyber threats, the NHS is facing an uphill battle in keeping patient data safe and vital services operating efficiently. 

The WannaCry ransomware attack in May this year, which crippled a number of NHS Trusts, demonstrated the reality of cyber threats and their potential to impact directly on patient services. In the wake of the attack, NHS bosses and the government faced questions over why hospitals had been left vulnerable, and how they can better mitigate the impact when another attack takes place.

As part of its drive to become an increasingly digital organisation, the NHS must demonstrate that it can protect the data that it holds and the systems on which it functions or risk losing the support of the UK public. Our newly published report ‘Securing a new lifeline for the NHS’ explored the views of 100 IT decision makers (ITDMs) across the NHS, revealing some concerning trends and highlighting the need to push security to the top of the agenda. Key insights included:

  • The likelihood that data has already been compromised is high with 80 percent of ITDMs believing that electronic staff records have been compromised, and almost a third saying the same about patient data
  • There is a clear need to dedicate more budget to protecting the NHS’ IT estate, with 70 percent stating that more must be spent on IT security to modernise infrastructure and bolster defences
  • As well as investing more in infrastructure, the NHS also needs to invest in its people – ensuring that they have the skills and capabilities needed to create a secure IT environment, and know how to deal with a cyber attack when it occurs. A worryingly high 38 percent of ITDMs say that their team lacks the skills to improve cybersecurity infrastructure and strategy
  • It’s not just malicious hackers that pose a threat to data integrity, NHS staff (32%) and even patients (30%) themselves were among the most likely reasons to cause a data breach. Responsibility for protecting any organisation no longer lies solely with the IT team but sits with anyone that interacts with data and devices. In an increasingly data-driven and digital care environment, the means pretty much everyone needs education on the role they have to play

It’s an incredibly tough challenge, but we believe there are a few keys steps that NHS organisations can take to improve their approach to cybersecurity.

Smart investment in the right technologies – analysis following WannaCry revealed many NHS trusts were using obsolete systems, while others had failed to apply recent security updates which would have protected them. Reports suggest that around 90 per cent of NHS trusts in the UK were using Windows XP – a 16-year-old operating system – which was a major contributing factor in enabling the spread of the ransomware attack.

The incident raised awareness of the need for the NHS to modernise its approach to IT security and focus on protection from the inside out; this means investing more than the 10% of IT budget on security that it currently sets aside. To mitigate the immediate risks with cyber security, the government must work closely with the NHS to move from unsupported operating systems, including Windows XP, and focus on implementing a security-first culture.

Foster innovation and modernisation through skills investment – as well as investing in updated infrastructure, more needs to be done to address the skills needed to keep pace with increasingly sophisticated threats. The NHS needs to invest in its staff by identifying areas for improvement and providing them with the necessary training or support.

This could take the form of programmes that encourage innovation and best practice sharing to equip the workforce with the skills necessary to combat today’s threats, and funnel digital talent to where it is most needed.

Educate staff and public about their role in fighting the cyber threat – seeing over a million patients every 36 six hours makes the NHS an unbelievably fast-paced environment. It’s no surprise then that there is a certain amount of human error when it comes to the use of IT systems as part of the care process. Clicking on a dodgy link might seem like a trifling issue, but it’s enough to spread malware throughout an entire organisations’ IT environment. The NHS, as with any organisation, needs to highlight the role that its staff and even the patients play in helping it tackle the cyber threat. It needs to introduce better education campaigns for employees, as well as the wider public, to raise awareness of cybersecurity, from tactics used to key behaviours that can mitigate its impact. Part of this is introducing a more security-conscious culture where all NHS staff play their role in being vigilant against threats and acting accordingly so ensure that when a hack occurs, it can be tackled immediately.

There are many examples of brilliant innovation across the NHS, where Trusts are doing amazing things to protect our data in very difficult circumstances, with shrinking budgets. In order to restore confidence in the NHS’ ability to keep data safe and protect essential front-line services from being crippled by a cyberattack, investment needs to centre on protecting against threats known and unknown and making security a top priority.

By Tim Hearn, Director, UK Government and Public Services at VMware 

Category: News & Highlights

Tags: , , ,

Related Articles

Posted on 09/03/2020 by vmwareemeasmt

Don’t break the bank – Cyber Security, banking and breaches

Matthew O’Neill, Financial Services Industry Managing Director, Office of the CTO, VMware It doesn’t matter what bank or financial institution they work for, there’s one thing that I guarantee keeps all CIOs awake at night – Cyber Security. To be fair, security in the digital era is probably the number one topic across all sectors. […]

Posted on 19/12/2018 by vmwareemeasmt

Building the cornerstone of digital transformation with trusted partners

VMware would not be where they are today without our partners. They are a critical link to the customer – as well as being our go-to-market, they are a vital source of feedback and guidance, helping shape our strategy, the services we provide and the products we build. It’s a cliché but our relationships with our […]

Posted on 06/04/2020 by vmwareemeasmt

Technology: Empowering staff to secure a promising prognosis for healthcare

Jens Koegler, Healthcare Industry Director VMware EMEA There’s a great deal of excitement in the healthcare industry when it comes to technological innovation in patient care. From AI-enabled pacemakers, to IoT wearables and 3D printing of organs, the innovations we’ve seen in the last decade can now help prolong a patient’s life or increase their […]


No comments yet

Add a comment

Your email address will not be published.

This site uses cookies to improve the user experience. By using this site you agree to the privacy policy