Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - NHS Trusts Have Failed Cybersecurity Tests
News & Analysis

NHS Trusts Have Failed Cybersecurity Tests

ISBuzz TeamBy ISBuzz TeamFebruary 7, 2018Updated:April 30, 20254 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

With recent news that the NHS’s lost of thousands of patient records and documentation and are now failing cyber security tests, IT security experts commented below.

Dr Guy Bunker, SVP of Products at Clearswift:

Guy Bunker“The news that the NHS shared 162,000 pieces of documentation with Capita is unfortunately not an isolated event. In fact, 37% of healthcare respondents in our recent report agreed they had definitely duplicated customer data through email and document forwarding. Due to human error and a lack of technology enforcing processes that would avoid this kind of incident, this happens within businesses all too often.

“There is a serious need for businesses to put correct processes in place – with both paper and electronic records – that can minimise unwanted data acquisition and ensure there is no unauthorised sharing of information. This is especially imperative with the digitalisation of organisations such as the NHS because, while it may be more difficult to enforce processes with paper records, it’s far harder to spot mistakes on electronic versions. It will become easier to share electronic files across larger groups of people so it is vital for businesses to have the correct policies in place to safeguard customer – and in this case, patient – information.

“With GDPR around the corner, now is a critical time to have processes in place. We will hear of more and more stories of companies being fined for non-compliance during the first few months because there have been so many issues with data protection and customer information being wrongfully shared. And with the NHS already struggling to pay existing clinical error payouts, how will it cope with additional GDPR fines to pay on top? Now is the time to act to safeguard UK businesses by investing in the necessary processes that can consistently monitor and enforce secure data sharing with the appropriate authorised individuals and organizations.”

Rob Bolton, Technology Director and GM for Western Europe at Infoblox:

“The NHS is currently facing a number of challenges. Not only is it being called upon to modernise, reform and improve services to meet the needs of ever more complex, instantaneous patient demands, it is also facing an ever mounting threat from cybercriminals operating in groups that are much more agile than the NHS itself. This spans not only technological environments, but processes and the people that have access.

Because of this, it is not really a surprise that NHS trusts are struggling to pass cybersecurity tests. Our recent research found that 1 in 4 UK healthcare IT professionals do not feel confident in their organisation’s ability to defend against a cyberattack.

In order for the NHS to effectively defend against cybercrime, IT teams need to carry out regular overviews of their systems, making sure they identify all vulnerable systems, efficient processes for identifying and remediating weaknesses, and have the ability to recognise malicious activity across their network. It is also vital that all trusts have a plan in place to deal with a cyberattack relative; external communication to the public and ransom demands are very much a part of this. Minimising disruption is key to ensuring that organisations can continue providing essential services to patients.”

Paul Farrington, ‎Manager, EMEA Solution Architects at CA Veracode:

“Clearly the NHS has worked hard to improve their overall cyber security, however there is still a long way to go if the organisation is going to be prepared for another attack such as WannaCry. Failing to meet the required standards when it comes to software vulnerabilities is not unique to organisations like the NHS, however when the stakes are literally life and death, cyber security has to become a top priority.

With new vulnerabilities being discovered constantly, the NHS must take responsibility for the state of their software, and testing for vulnerabilities early and often is a cost-effective and productive way to reduce the threat from hackers.

Our growing dependency on software means that cyberattacks are becoming much more frequent, as cyber criminals look to exploit vulnerable software. In fact research has shown that 88% of Java applications contain at least one vulnerable component, making them susceptible to widespread attacks.”

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Visual data is the blind spot in enterprise security: that’s about to change

May 4, 20267 Mins Read

Making stolen data worthless: why security must start with the data

March 30, 20265 Mins Read

Meta’s Smart Glasses Privacy Scandal Expands After Sama Credentials Found on the Dark Web

March 10, 20264 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}