Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

NHS Needs Immediate Investment In Cybersecurity

Written by  Jul 10, 2019

The National Health Service (NHS) remains vulnerable to hacking attacks, a whitepaper from Imperial College London has pointed out.

The vulnerability is down to a number of reasons, according to the whitepaper, which also said that urgent steps are needed to defend against threats which could risk the safety of patients.

Cybersecurity in the NHS has been a concern for many years now. In December 2018 freedom of information requests by Redscan revealed that nearly a quarter of NHS trusts have no employees with security qualifications. And a quarter of NHS trusts spend a penny on cyber-security training.

NHS cybersecurity

The new whitepaper, written by researchers from Imperial College London’s Institute of Global Health Innovation led by Professor the Lord Ara Darzi, has suggested three main reasons as to why the NHS remains vulnerable to hackers.

This includes the NHS having a combination of out-dated computer systems, lack of investment, and a deficit of skills and awareness in cyber security.

The research team also said that more investment is urgently needed, and that NHS trusts must employing cyber security professionals in their IT teams.

Trusts also need to build ‘fire-breaks’ into their systems to allow certain segments to become isolated if infected.

It should be remembered that NHS trusts were badly affected by the WannaCry ransomware that spread rapidly through computer systems around the world in May 2017.

“We are in the midst of a technological revolution that is transforming the way we deliver and receive care,” said Lord Darzi, Co-Director of the Institute of Global Health Innovation (IGHI). “But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel. For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS and therefore our nation’s health are secure.”

“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber-attacks,” said Lord Darzi.

nhs hack
Also see: NHS Laptops Theft Rises Dramatically

Industry viewpoint

Security experts were also quick to comment on the state of cybersecurity within the NHS.

“Ever since Wannacry impacted the NHS, there has been an increased awareness of the lack of security funding the NHS technology systems have received over the years with many systems being out of support and, in many cases, full inventory not known,” said Javvad Malik, security awareness advocate at KnowBe4.

“Fixing such a large infrastructure is no easy task and it’s not an issue that can be resolved simply by throwing money at the problem,” said Malik. “Rather, this is an instance where we see an organisation that has neglected its security culture for a long period of time. Therefore, addressing the security culture is where efforts should begin.”

“That doesn’t mean making security issues black and white or introducing friction into processes which could end up adversely impacting patient safety,” he added. “It means creating an environment and technology choices that encourage and push towards better security and risk decisions being made both from the medical staff on the front lines and all the back end support.”

Another expert warned that the NHS has to come to the realisation that data breaches will happen in the future.

“Anything that is online is essentially fallible to breach, including backup and data stores. The first rule of cybersecurity is to accept that a breach is likely and not live with the idea that you’re infallible,” said John Gillan, UK Country Manager of Cohesity.


Cybersecurity Essentials
amazon uk

“There are things organisations of all sizes can do though to put up a strong fight,” said Gillan. “Step one is widespread employee training to help them understand the telltale signs that an email or a link is not right. Best practice around using USBs, connecting personal devices, and use of personal email on work devices is also critical. The majority of security breaches are still down to human error.”

“Technology can play a key part in a security defence, obviously so,” he said. “But if employees are making basic mistakes, the technology aspect is always going to be on the backfoot.”

Another expert pointed out that healthcare entities are often viewed as soft targets.

“Healthcare institutions are seen as softer targets as not only are these systems just as rich with data as the traditional targets but security often lags due to the focus on, in the case of healthcare, patient care over IT,” explained Anna Russell, VP at comforte AG.

“The NHS must surely have an enormous treasure of sensitive data, so besides improving their perimeter defense, they should explore a data-centric security approach,” said Russell. “That way, they could pro-actively protect their data against breaches instead of playing constant catch up in terms of addressing the many different root causes that can lead to cyber incidents.”

Do you think it's important to invest in a safer HNS?

Have something to say about this article? Comment below or share it with us on
Facebook, Twitter or LinkedIn.

Peter Flynn

Creator and director of IT Security Centre UK.

I have worked in the IT industry for many years and developed my IT security skills in particular. As this area has always been of interest to me and is more important now than ever.


Popular Cyber News

Jun 12, 2020 Cyber Security

NHS email service fooled users in phishing attack

NHS Digital is contacting users of its NHSmail email system after a small number of mailboxes were compromised in a gene...

Jun 09, 2020 Cyber Threats

Common types of cyber-attacks and how to avoid them

With cyber-attacks on the rise, businesses are constantly worried about losing vital data and the threat is very real. ...

May 25, 2020 Cyber Security

Beware of security threats before deploying remote working

Remote working is receiving a great deal of attention recently for obvious reasons. The world has changed and remote wor...

May 07, 2020 Cyber Security

Three quarters of UK homeworkers haven't received cybersecurity training

As Covid-19-related cybersecurity threats continue to multiply, three in four of home workers are yet to receive any cyb...

May 05, 2020 Cyber Security

The importance of cybersecurity for UK businesses

Technology is constantly changing and at a pace which is hard to keep up with, but 'safety first' always applies. ...

May 18, 2020 Cyber Security

UK power grid operator Elexon hit by cyberattack

The UK’s power grid middleman Elexon has announced it has fallen victim to a cyberattack, which did not compromise pow...

May 27, 2020 Cyber Security

UK scared cybercriminals will use NHSX Covid-19 Tracing App to launch attacks

Nearly half (48%) of the UK public surveyed about the NHSX COVID-19 tracing app do not trust the UK government to keep t...

Apr 16, 2020 Cyber Security

Cybersecurity lessons to be learnt from the Pandemic

It may not be obvious, but the spread of information on computer networks is like disease processes. ...

Jun 08, 2020 Cyber Security

Ransomware attack compensation: What the UK public think

UK consumers believes businesses should stand their ground having suffered a ransomware attack and refuse to negotiate w...

Jun 06, 2020 Cyber Security

Phishing attacks on companies using PBX systems increases dramatically

While video conferencing solutions have become the prime targets for hackers recently following the shift to remote work...

Jun 12, 2020 Cyber Security

Cybersecurity in the shortsighted gig economy

The ‘gig’ economy encompasses the increasing economic trend for professionals to take on a series of temporary work ...

Apr 17, 2020 Cyber Security

SonicWall launches boundless cyber security platform

SonicWall has released a new boundless cyber security platform to protect companies and government agencies remote workf...

Apr 13, 2020 Cyber Security

Under half of UK businesses provide cybersecurity training: Kapersky

If businesses want to seriously wan to reduce he risk of data breaches and remains secure, they must commit to employee ...

Jul 23, 2020 Cyber Security

Many cyber attacks on UK sports industry says report

At large percentage of sporting institutions, organisations and teams in the UK have suffered a security incident in the...

Jun 11, 2020 Cyber Security

UK government to fund nine cyber security projects

The government is to invest £10m through March 2024 from various sources to fund nine academic cyber security projects ...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Symantec Home 120x60