NHS bosses have been told to overhaul their computer technology, staff training and corporate governance before two reports on data security are published. The NHS has a poor record on data security. Earlier this month two trusts were fined £365,000 for leaking information about thousands of NHS staff and hundreds of patients with HIV. IT Security Experts from ESET and MIRACL comment on the news:
Mark James, Security Specialist at ESET:
With limited funding available decisions will need to be made based on importance or priority, the problem is understanding the very real threat of data breaches; companies have to protect our data and even more so when its medical or personal information. A good clear attainable program needs to be outlined and more importantly achievable to implement modern security features in one of our most critical industries.
Brian Spector, CEO at MIRACL:
In terms of data security, public institutions like hospitals are a key target for hackers because they hold such a treasure trove of personal data. This has fuelled a spate of ransomware attacks on US hospitals, and UK councils, in the past year. While data theft and identity fraud is such a multi-billion dollar business on the dark Web, any organisation that houses sensitive personal or financial data needs to be vigilant.
What’s clear is that any networked system is vulnerable to a cyber-attack, and that organizations need to constantly evaluate and improve their defence configurations. It’s as true for hospitals as it is for the Web itself, where the efforts of hackers are becoming bolder and more frequent. We believe that the security challenge is a problem that can’t be patched. The best thing to do is start over with a new system which distributes trust across multiple points instead of continuing to provide single points of compromise.