NHS budget cuts threaten IT security standards and patient data

A study by security services company Sophos has found that there is a significant gaps between perceived strength of IT security measures in the NHS and the actual level of IT security.

In the study of 250 NHS-employed CIOs, CTOs and IT managers, 76% believe that they have the right type of protection against cybercrime and data loss and 72% claim that loss of data is one of the biggest concerns in IT security.

The study however reveals that encryption of data is very low across the network and there is a risk of data theft.

According to the findings, only 10% say they have encryption within their organisations; only 59% have email encryption; only 49% have file share encryption and 34% have encryption of data stored in cloud.

These numbers are an alarming situation because, according to Information Commissioner‘s Office (ICO), the NHS has been the number one victim of data breaches in 2015.

Main factors of data breaches include data leakage and loss of hardware, such as USB keys.

Sophos UK and Ireland, UK Healthcare Sector manager Jonathan Lee said: "This study highlights that NHS organisations still face significant IT security issues and that IT decision makers have work to do to address gaps in their security."

"Failure to take the necessary precautions to keep cyber criminals out, to safeguard data and ultimately to protect patients and staff will continue to cause significant problems for NHS organisations.

"However, budget cuts and changes to working practices, such as the increase in mobile working, all present significant challenges within the sector."

Lee continued: "It’s no surprise that only 10 percent of NHS organisations stated that encryption was well established within their organisation.

"Most have encrypted laptops and USB sticks because they have been mandated to do so, but, currently, that is often where it stops."

Mobile healthcare has also been one of the areas being explored by NHS due to budgetary constraints.

Many NHS organisations are embracing mobile healthcare. As much as 42% of respondents in the survey have cited greater use of mobile devices in community healthcare. Apart from this, health workers are always on the move and they use mobile working practices to stay connected.

NHS is also on the path of consolidation for improved protection. One of the main motivations for consolidation has been cost cutting.

Jonathan Lee explains: "There is an important shift taking place in IT security. Organisations need a comprehensive security system that encrypts sensitive data, protects all classes of endpoints and communicates with network security systems. Sophos is at the forefront of this shift with a range of solutions offering a synchronized approach to IT security."