NHS data security weaknesses identified

A survey has revealed that data security in the NHS is much weaker than first thought, with mobile and remote working putting data at risk.

The gap between the actual level of data security and the perceived level of data security is significant. Last year the NHS was identified as the number one victim of cyber-attacks, with issues such as the loss of memory sticks and data leakage acknowledged as problems.

250 senior IT managers within the NHS were interviewed as part of the survey. 76 per cent of the respondents believed that protection against cyber-attacks is adequate; however, it was acknowledged that there is a growing need for encryption and just 10 per cent believed that encryption is adequate within their organisation. 59 per cent of the participants stated that there is encryption in place on email systems, while 49 per cent have encryption on file sharing systems. For those using cloud computing services, just 34 per cent had this data encrypted.

The inadequate data security levels are despite the growing use of mobile devices within the NHS. The increased use of tablets and other devices means that there are more ‘entry points’ for cybercriminals to access the data.

A recent Freedom of Information request suggested that many staff within the NHS had not received adequate IT security training. 71% of trusts make use of mobile devices, with a similar proportion not putting adequate measures in place to protect data by training their staff.

The NHS has recently announced that a new position of chief information and technology officer will be created to push IT forward within the NHS.