NHS bosses have been told to overhaul their computer technology, staff training and corporate governance before two reports on data security are published. The NHS has a poor record on data security. Earlier this month two trusts were fined £365,000 for leaking information about thousands of NHS staff and hundreds of patients with HIV. IT Security Experts from ESET and MIRACL comment on the news:
Mark James, Security Specialist at ESET:
With the sheer amount of very private information held by the NHS, it’s going to be a honeypot for cybercriminals. Keeping this data safe across the many platforms is a logistical nightmare and the only way forward is making sure hardware and software is updated to the latest secure standards. It seems simple but with so many bespoke programs that do a task it’s very hard to justify upgrading or changing just because you have to.
With limited funding available decisions will need to be made based on importance or priority, the problem is understanding the very real threat of data breaches; companies have to protect our data and even more so when its medical or personal information. A good clear attainable program needs to be outlined and more importantly achievable to implement modern security features in one of our most critical industries.
Brian Spector, CEO at MIRACL:
Hospital IT systems are notoriously fragmented and complex, with networks crossing wards, laboratories and offices. They are also among the most vital and important in any organization – because if their systems go down, people’s lives may be at risk.
In terms of data security, public institutions like hospitals are a key target for hackers because they hold such a treasure trove of personal data. This has fuelled a spate of ransomware attacks on US hospitals, and UK councils, in the past year. While data theft and identity fraud is such a multi-billion dollar business on the dark Web, any organisation that houses sensitive personal or financial data needs to be vigilant.
What’s clear is that any networked system is vulnerable to a cyber-attack, and that organizations need to constantly evaluate and improve their defence configurations. It’s as true for hospitals as it is for the Web itself, where the efforts of hackers are becoming bolder and more frequent. We believe that the security challenge is a problem that can’t be patched. The best thing to do is start over with a new system which distributes trust across multiple points instead of continuing to provide single points of compromise.