NHS technology is (still) in very poor health
Every one of 200 NHS trusts tested has failed on data security. Every. Single. One.
That’s a frightening statistic, given that we rely on our medics and those who support them to be at the top of their game in everything.
Securing our most private data is one of the most fundamental requirements of healthcare IT. It can cause you to wonder how well these organisations are able to handle the even more critical medical information about our treatment… Getting that wrong can be fatal.
Everything is digital now and collectively, both as a nation and globally, we have massive expertise in creating, storing, sharing and security. The UK’s biggest employer should not be behind the curve in this regard. That testing was carried out on 200 of 236 trusts in England. It’s a fair bet that there would be more failures among the remaining 36.
Not only is it inexcusable, it’s downright embarrassing for UK plc, suggesting as it does that we somehow don’t have the skills to get these things right.
Going even further, the online world is now full of bad actors, including entire nation states, who are seeking vulnerabilities they could exploit for various purposes. They are extremely good at what they do, so you would imagine them having little difficulty in bypassing security which has failed testing.
It’s not a stretch to imagine a foreign state causing our Government to take its eye off the ball somewhere else by causing havoc across our health service. That’s not us being paranoid. When it comes to networks, if it can happen, at some point it will. The ransomware attacks on the NHS last year were the perfect example of this.
Whatever is happening in public sector IT security, we’d like to think that private businesses long ago got the memo that you can’t play with this topic.
As the implementation of the General Data Protection Regulation (GDPR) looms the attitude to data security has to change for everyone – and the gem in our public sector is no different.