Some of the key findings from an FoI request into NHS cybersecurity spending and breaches include:

  • The average annual spend for an NHS trust was £23,040, but six trusts spent at least £100,000.
  • Forty-five NHS trusts were unable to specify their cybersecurity budget at all.
  • The investigation also revealed that trusts are suffering an increasing number of personal data breaches, from 3,133 in 2014 to 4,177 last year, and that cyber incidents are accounting for more breaches, from eight in 2014 to 60 last year.

Tim Jarrett, Senior Director of Product Marketing at Veracode, commented on these findings.

“This investigation reveals inconsistencies in cyber defences within the National Health Service as well as a troubling increase in the number of personal data breaches which could compromise patient security. It’s time for the health sector to wake up and recognise that its goldmine of data will soon come under constant attack on a similar scale to what we have already seen in the financial services sector.

“As the NHS begins to implement its paperless healthcare strategy, it must also increase cyber security procedures to protect digital documents and data. This means making implementation of encryption technology alongside rigorous testing of all applications for vulnerabilities a top priority to keep hackers and cyber criminals locked out.

“These findings coincide with the recent Veracode State of Software Security report, which revealed healthcare as an industry now has the lowest vulnerability fix rate globally, with the second-lowest OWASP pass rate and the highest prevalence of cryptographic and credentials management issues.”

Information Security Buzz