The NHS has gained a reputation for being underfunded and vulnerable to cyber attacks, but a report by Palo Alto Networks suggests there’s a way to fix both of those problems.
Securing NHS Data in the Digital Age surveyed 100 major IT decision-makers at NHS trusts on the way the Department of Health is addressing cyber security, and 83% said effective investments could save the NHS £14.8 million each year on average.
NHS hospitals are breached continually, leading to numerous regulatory penalties and lost time. By mitigating the risk of an attack, respondents believe the NHS could save enough money to fund “an additional 150 doctors and 250 nurses”.
Palo Alto’s report suggests that improved cyber security would also resolve other issues. The majority of respondents (90%) said that prioritising cyber security would help the NHS “unlock the potential of digitalisation to improve patient care”, 65% said it would improve patients’ trust in the service and 49% thought it would streamline processes.
Dave Allen, regional vice president of Palo Alto Networks, said: “Digitisation can reap considerable benefits for NHS patients and staff, yet the capacity to save money and improve patient care through more seamless, digital processes is dependent on how the NHS leverages cybersecurity to maintain trust, while capitalising on its exponential data growth.”
“Preventing successful cyberattacks will be paramount in reducing disruption to medical services and improving patient trust, leading to the greater ability to use data to improve health outcomes.”
Address your biggest vulnerability
Organisations don’t need to commit to intrusive or expensive changes to become significantly more cyber secure. Creating and implementing cyber security policies or investing in technological defences will certainly help, but organisations’ biggest vulnerability is often its own staff.
Surprisingly, few of the respondents to Palo Alto’s report said that front-line staff who accessed IT systems should receive cyber security training, even though these are the people who are most likely to be responsible for a data breach.
Any employee who has access to personal or confidential information could cause a data breach, and organisations need to commit to regular staff awareness training to help them understand their security vulnerabilities.
Our Information Security Staff Awareness E-Learning Course uses clear, non-technical language to familiarise your employees with the basics of information security, including security threats via email, the Internet and the workplace. It also introduces them to your policies on incident reporting and responses.
The course is aimed at anyone who processes information and uses information technology or the Internet in their job.