NHS prioritising cyber security to improve patient care and trust

Palo Alto Networks, the next-generation security company, has today released findings of independent research into the state of cyber security within the UK’s National Health Service (NHS).

Working with Vanson Bourne, 100 NHS IT decision-makers were surveyed on the importance of data security in the wake of recent cyber attacks, preparedness for forthcoming tougher data protection rules, and the development of trust when it comes to how patients digitally interact with the NHS.

The study revealed NHS IT managers’ awareness and understanding of how the Department of Health is planning to radically change cybersecurity requirements for healthcare providers.

>See also: Cyber security in the NHS: useless operating systems and legacy applications

The vast majority of respondents (90%) believe that prioritising cyber security in the NHS will unlock the potential of digitalisation to improve patient care. They also agree that cyber security investment could enable substantial savings in the long run (83%), saving £14.8 million nationally each year on average. The survey’s respondents estimated that improved cybersecurity would save enough money to allow for an additional 150 doctors and 250 nurses within the NHS.

Data security is a priority, but training needed to boost prevention culture

All respondents agreed on the importance of keeping data secure. The benefits of cybersecurity are believed to have a wide significance, with 65% believing that it would improve the level of patient trust, almost half (49%) thinking it would streamline processes, and 45% seeing long-term cost-savings as a result.

With recent cyber attacks such as WannaCry affecting front-line services, NHS IT managers say that more can still be done to cultivate a robust and widespread cybersecurity culture within the NHS, through improved training and education.

However, while 41% felt that all staff should receive specific training, only a minority of NHS IT professionals said that front-line staff who accessed IT systems receive cybersecurity training, such as administrators (30%), doctors (11%) and nurses (6%).

Professional concerns aired on patient trust in NHS data handling

In a sector that is increasingly digitised and reliant on data, patient confidence in how their data is used and stored is essential.

The research found that IT decision-makers mostly think that patients have a good or complete level of trust in how the NHS uses or stores their data (81% and 67%, respectively).

>See also: NHS ‘will be hit by more cyber attacks’

However, a quarter of respondents believe that patients have minimal trust in how the NHS stores their data. More than one in ten (16%) also reckon patients put very little trust in how their data could then be used by the NHS. In order to tackle this trust gap, prioritisation of cyber security is seen as key (89%).

GDPR on track in NHS, but big improvements still need to be made

When it comes to GDPR, IT decision-makers within the NHS are generally informed about the changes coming into effect in 2018. 83% have had guidance from senior management about compliance, and 95% say they are aware of what they need to do to comply.

The majority of respondents (58%) think that their NHS organisation will be ready for GDPR by May 2018, and 16% even believe the NHS is already compliant. Nonetheless, more than three-quarters (77%) realise that their organisation’s IT systems still need improving to ensure data-handling compliance.

>See also: What can the public sector do to bolster its cyber security?

“Digitisation can reap considerable benefits for NHS patients and staff, yet the capacity to save money and improve patient care through more seamless, digital processes is dependent on how the NHS leverages cyber security to maintain trust, while capitalising on its exponential data growth. Preventing successful cyber attacks will be paramount in reducing disruption to medical services and improving patient trust, leading to the greater ability to use data to improve health outcomes,” stipulated Dave Allen, regional vice president, Western Europe, Palo Alto Networks.


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...