More cyber security training needed in the NHS

According to a recent freedom of information request aimed at NHS Trusts in England, acceptable cyber security training programmes are lacking across the UK.

Personal devices are a major security risk

Research carried out by Accellion shows that while 71% of NHS Trusts questioned admitted the use of smartphones or tablets in the workplace, an equal number disclosed to having a limited or no training programme in place for how to safeguard organisational information when using these devices.

Considering the number of data breaches, which result from accidental insider leaks or lost/stolen devices, the nonexistence of a formal and recurring training program is alarming.

Patient data valuable to hackers

The increase of smart technology usage is in direct correlation with the growing number of cyber attacks in the healthcare sector, where patient data is seen to be of greater value to hackers than financial details when sold on the black market.

When questioned further on cyber security training and programmes, the NHS Trusts also revealed the following:

  • 80% of NHS Trusts supply their staff with a smartphone or tablet in some capacity.
  • Organisational information, including patient records, is accessed by staff at 59% of NHS Trusts.
  • Close to half (41%) of NHS Trusts questioned rely on the security of their server, encryption, or the goodwill of staff to adhere to an Information Security Policy to ensure patient data is kept secure.

A cyber security mindset is needed

Yorgen Edholm, CEO & President at Accellion commented that “with a reported 93% of data breaches caused by human error, the integration of smartphones into the UK health service must be properly managed. Data breaches are continuing at an alarming rate, yet a cyber security mindset is still not ingrained at every level of the NHS Trusts. From the latest hire to the most tech-savvy employee, cyber security must be top of mind.”

Yorgen went on to say, “with the increasing use of wearable devices, employees are going to be the weakest link in the security ecosystem.”

NHS’ paperless initiative – security solutions and trading needed

Interestingly, as part of the NHS’ paperless initiative, 92% of NHS Trusts questioned plan to incorporate smartphones, tablets or the use of applications to allow employees to access shared content by 2018.

At present, only 53% of these NHS Trusts provide a secure, enterprise-grade application for the sharing of patient data. However, with the increasing uptake in smart technology this is a figure that must change in order to prevent further cyber attacks.

These findings suggest that as the NHS invests more of its budget in technology, it must invest in both enterprise-grade security solutions and greater training for its employees.


Edited from press release by Cecilia Rehn.