Almost half of NHS Trusts make no attempt to monitor cloud app usage, according to the results of a Freedom of Information request.
The same FOI by cloud security firm Netskope also revealed that fewer than one-fifth of NHS Trusts have visibility into all cloud app use.
This potentially leaves sensitive data vulnerable to both risky apps and malicious behaviour.
Cloud computing refers to any Internet-based computing that provides shared computer processing resources and data to computers and other devices on demand.
This is opposed to the traditional model of computing resources being delivered via physical hardware on-site.
Cloud computing also offers advantages, as it can be rapidly provisioned and released with minimal management effort.
The FOI request was issued to 80 of the UK’s Acute NHS Trusts, with 43 organisations responding.
Just over half of NHS Trusts (53 per cent) who responded believe all unsanctioned cloud apps are completely blocked, yet at the same time fewer than one in five NHS Trusts (19 per cent) confirmed that all cloud app use is monitored.
A third (30 per cent) of respondents were unsure how many cloud apps – both sanctioned and unsanctioned – were used by employees.
While a further 35 per cent were able to pinpoint a specific number of cloud apps in use, the figures given were extremely low at an average of just 10.4 cloud apps per NHS Trust.
This is compared to the 824 cloud apps found on average in organisations across EMEA in studies outside healthcare.
The findings of the FOI fall against a backdrop of a push to make more use of mobile apps and wearable technology as a source of patient data combined with a growing appetite for sensitive medical data amongst cyber criminals.
Jonathan Mepsted, managing director UK at Netskope, commented on the issue, warning that the NHS was failing to satisfactorily secure cloud data.
“While the NHS has shown great commitment to digitally transforming the patient experience, our data shows a concerning lack of awareness – both in terms of the potential security threats stemming from the cloud and also the data being stored and shared by employees through cloud apps.”
This can be considered particularly important, as cloud computing will become increasingly prevalent in the coming years.
A recent survey found that 82% of companies saved money by moving to the cloud.
The aforementioned Mepsted also pointed to organisational commitments that the NHS has made.
“Given the NHS deadline to go paperless by 2020 and the resulting push towards a digital-first strategy, NHS Trusts will need to ensure the correct security controls are in place in order to remain vigilant to the possible threats posed by cloud apps and take proactive measures to secure data in the cloud.”
The IT expert also suggested that the NHS was leaving itself vulnerable to litigation by failing to satisfactorily secure its cloud networks.
“Although apps offer significant productivity benefits, when left unchecked they can also pose serious risks for organisations such as fines for non-compliance and reputational damage. The healthcare sector in particular handles a huge cross-section of sensitive data, including large amounts of personally identifiable information relating to citizens’ health.”
It is predicted that the global market for cloud equipment will reach $79.1 billion by 2018.