A survey of digital security in the NHS conducted by a major Internet firm reveals some interesting results and perceptions related to the health service.
Sophos interviewed 250 NHS-employed CIOs, CTOs and IT Managers and found that there is a significant gulf between the way that digital security is perceived in the NHS, and how it actually operates in reality.
Of those surveyed, 76 per cent think they’re suitably protected against cyber-attacks.
On the other hand, 72 per cent say data loss is their biggest concern when it comes to IT security.
IT managers were also of the opinion that encrypting NHS data is particularly critical, yet this can be considered another major area of concern.
In fact, the encryption of data in the NHS is rather paltry, with only 10% of respondents indicating that encryption is well established within that particular NHS organisation.
59 per cent of employees have some sort of email encryption, while file sharing encryption is used by 49 per cent of employees, and 34 per cent have encrypted their data stored in the cloud.
These must be considered extremely inadequate figures considering the sensitivity of the data involved, and the hostile environment that is the contemporary internet.
It seems that the perennial issue of finance plays a major part in the way that IT security is dealt with in the NHS.
There is a constant balance to be found between protecting information and saving money, and the Sophos survey found that this is a critical element of the overall digital culture of the NHS.
The Sophos survey also interestingly states that 42 per cent have cited mobile use as the main initiative driving change in the industry.
Commenting on the findings from the survey, Jonathan Lee, UK Healthcare Sector Manager for Sophos UK and Ireland, struck a note of caution, suggesting that the NHS should play very close attention to the trends outlined in the research.
“This study highlights that NHS organisations still face significant IT security issues and that IT decision makers have work to do to address gaps in their security. Failure to take the necessary precautions to keep cyber criminals out, to safeguard data and ultimately to protect patients and staff will continue to cause significant problems for NHS organisations. However, budget cuts and changes to working practices, such as the increase in mobile working, all present significant challenges within the sector.”
In particular, Lee felt that the NHS should beef up its encyrption arrangements considerably, recognising it as an area in which the health service has been neglectful.
“It’s no surprise that only 10 per cent of NHS organisations stated that encryption was well established within their organisation. Most have encrypted laptops and USB sticks because they have been mandated to do so, but, currently, that is often where it stops.”