Home » Topics » Cybersecurity » 87% of UK healthcare organisations are putting patient data at risk

87% of UK healthcare organisations are putting patient data at risk

Avatar photoby Ben Rossi

Concurrent logins, manual logoffs, password sharing and the lack of unique logins are putting patient records at risk, new research has revealed.

A report by IS Decisions found that despite increased pressure from the ICO on the NHS’s data protection practices, 87% of healthcare staff are still able to logon to different devices and workstations concurrently, 37% are required to manually logoff, and 44% do not have unique logins.

The report highlights the several issues that have a direct effect to security of information within the healthcare industry. Access to personal data can be life-dependent but there has to be a reliable access management procedure and system in place.

According to the report, 69% have access to patient data, which is worrying considering 44% do not have unique logins for this access, making proper user identification impossible.

Just 13% of survey respondents were restricted from concurrent access, a requirement given attribution is difficult when users can be logged in from multiple devices and locations.

>See also: Time for a technology check-up: what NHS staff need their IT managers and suppliers to know

The report also examined security training, for both on-boarding new employees and those who have settled into their jobs. It showed that 48% of healthcare professionals did not receive any security training when they were employed and only 41% of existing employees received IT security training.

“Security and privacy regulations regarding the processing, storage, and transmission of patient data – such as HIPAA, HITECH, EU directives, breach notification requirements, as well as associated penalties for non-compliance – can serve as a first critical element to ensure security is taken more seriously,” said Michela Menting, digital security research director at ABI Research.

Francois Amigorena, CEO of IS Decisions, added, “Healthcare organisations need to protect the patient’s right to privacy while ensuring healthcare professionals get the necessary access to provide the best treatment for their patients. Information of this critical and confidential nature should only be accessible by authorised users and it really should not be a complicated process.”

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Data

Related Stories

Cybersecurity

How AI will shift the security landscape in 2024

The impact of AI within cybersecurity is expected to grow significantly this year, says Alex Holland, senior malware analyst at HP

AI & Machine Learning

NCSC releases guidelines for secure AI development

New guidance from the National Cyber Security Centre (NCSC) aims to help businesses securely innovate with AI and minimise risks

Cybersecurity

3 cybersecurity compliance challenges and how to address them

Earning those trust seals can strengthen relationships with board members and prospective customers, but it sure isn’t easy.

Cybersecurity

70% of UK firms reported cyber insurance changes in past year

According to research from Databarracks, seven in 10 UK businesses have seen changes to their cyber insurance in the past 12 months, as requirements rise