FoI request exposes ‘alarming’ lack of cyber security in the NHS
Almost two-thirds of NHS Trusts allow employees to access work data from their personal smartphone or tablet
NHS Trusts across England do not have adequate training programmes that guard employees against cyber threats, a freedom of information (FOI) request has discovered.
In research by Accellion, 71% of NHS Trusts acknowledged the use of smartphones or tablets in the workplace, and an equal number admitted to having a limited or no training programme in place for how to safeguard organisational information when using these devices.
Given the fact that many data breaches are the result of accidental insider leaks, or lost or stolen devices, the absence of a formal and recurring training programme is alarming.
The uptake in smart technology is in direct correlation with the increasing number of cyber attacks in the healthcare sector, where patient data is seen to be of greater value to hackers than financial details when sold on the black market.
When questioned further on cyber security training and programmes, four out of five of the NHS Trusts said they supplied their staff with a smartphone or tablet in some capacity, and 59% said staff access organisational information, including patient records.
Close to half (41%) of the NHS Trusts questioned said they rely on the security of their server, encryption or the goodwill of staff to comply with information security policies that ensure patient data is kept secure.
Most (92%) of the NHS Trusts questioned planned to incorporate smartphones, tablets or the use of applications to allow employees to access shared content by 2018, as part of the NHS’s paperless initiative.
Only 53% of the NHS Trusts said they currently provide a secure, enterprise-grade application for the sharing of patient data. With the increasing uptake in smart technology, this is a figure that must change in order to prevent further cyber attacks.
‘With a reported 93% of data breaches caused by human error, the integration of smartphones into the UK health service must be properly managed,’ said Yorgen Edholm, CEO and president at Accellion. ‘Data breaches are continuing at an alarming rate, yet a cyber security mindset is still not ingrained at every level of the NHS Trusts.
‘From the latest hire to the most tech-savvy employee, cyber security must be top of mind. With the increasing use of wearable devices, employees are going to be the weakest link in the security ecosystem.’