The NHS has put itself at risk of suffering more major cyberattacks due to a lack of proper skills and training.
An FOI request has uncovered large disparities among NHS trusts across the country when it comes to cybersecurity protection in the health service, which could leave the service open to attacks.
This was in spite of trusts spending an average of £5,356 on data security training, although this did not include free in-house NHS Digital tools. Despite NHS Digital demanding that 95 percent of all staff must pass free Information Governance training every 12 months, currently only 12 percent of trusts had met this.
NHS cybersecurity
The NHS' lack of cybersecurity protection was highlighted last year after the WannaCry attack cost the service an estimated £92m.
This led the Government to increase cybersecurity funding by £150m and also introduce a number of new security policies, however without the skills needed to utilise these properly, this may be only papering over the cracks.
“These findings shine a light on the cyber security failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances,” explained Redscan director of cybersecurity, Mark Nicholls.
“Individual trusts are lacking in-house cybersecurity talent and many are falling short of training targets; meanwhile investment in security and data protection training is patchy at best. The extent of discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”
- Keep yourself safe with the best antivirus of 2018
