NHS Trusts Have Failed Cybersecurity Tests

By   ISBuzz Team
Writer , Information Security Buzz | Feb 07, 2018 07:15 am PST

With recent news that the NHS’s lost of thousands of patient records and documentation and are now failing cyber security tests, IT security experts commented below.

Dr Guy Bunker, SVP of Products at Clearswift:

guy bunker“The news that the NHS shared 162,000 pieces of documentation with Capita is unfortunately not an isolated event. In fact, 37% of healthcare respondents in our recent report agreed they had definitely duplicated customer data through email and document forwarding. Due to human error and a lack of technology enforcing processes that would avoid this kind of incident, this happens within businesses all too often.

“There is a serious need for businesses to put correct processes in place – with both paper and electronic records – that can minimise unwanted data acquisition and ensure there is no unauthorised sharing of information. This is especially imperative with the digitalisation of organisations such as the NHS because, while it may be more difficult to enforce processes with paper records, it’s far harder to spot mistakes on electronic versions. It will become easier to share electronic files across larger groups of people so it is vital for businesses to have the correct policies in place to safeguard customer – and in this case, patient – information.

“With GDPR around the corner, now is a critical time to have processes in place. We will hear of more and more stories of companies being fined for non-compliance during the first few months because there have been so many issues with data protection and customer information being wrongfully shared. And with the NHS already struggling to pay existing clinical error payouts, how will it cope with additional GDPR fines to pay on top? Now is the time to act to safeguard UK businesses by investing in the necessary processes that can consistently monitor and enforce secure data sharing with the appropriate authorised individuals and organizations.”

Rob Bolton, Technology Director and GM for Western Europe at Infoblox:

isbuzz author male 1“The NHS is currently facing a number of challenges. Not only is it being called upon to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands, it is also facing an ever mounting threat from cybercriminals operating in groups that are much more agile than the NHS itself. This spans not only technological environments, but processes and the people that have access.

Because of this, it is not really a surprise that NHS trusts are struggling to pass cybersecurity tests. Our recent research found that 1 in 4 UK healthcare IT professionals do not feel confident in their organisation’s ability to defend against a cyberattack.

In order for the NHS to effectively defend against cybercrime, IT teams need to carry out regular overviews of their systems, making sure they identify all vulnerable systems, efficient processes for identifying and remediating weaknesses, and have the ability to recognise malicious activity across their network. It is also vital that all trusts have a plan in place to deal with a cyberattack relative; external communication to the public and ransom demands are very much a part of this. Minimising disruption is key to ensuring that organisations can continue providing essential services to patients.”

Paul Farrington, ‎Manager, EMEA Solution Architects at CA Veracode:

“Clearly the NHS has worked hard to improve their overall cyber security, however there is still a long way to go if the organisation is going to be prepared for another attack such as WannaCry. Failing to meet the required standards when it comes to software vulnerabilities is not unique to organisations like the NHS, however when the stakes are literally life and death, cyber security has to become a top priority.

With new vulnerabilities being discovered constantly, the NHS must take responsibility for the state of their software, and testing for vulnerabilities early and often is a cost-effective and productive way to reduce the threat from hackers.

Our growing dependency on software means that cyberattacks are becoming much more frequent, as cyber criminals look to exploit vulnerable software. In fact research has shown that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.”