show image

Oscar Williams

News editor

The NHS is under-spending on cyber security, admit NHS IT decision-makers

The underfunding of cyber security in the NHS is threatening patient safety and putting confidential medical data at risk, the health service’s IT leaders have warned.

Seven in ten IT decision-makers surveyed by cloud computing provider VMware said not enough funding was being allocated to cyber security.

Over a quarter (29 per cent) have had to cancel or postpone appointments due to cyber incidents, and nearly a third (32 per cent) said they were certain that electronic patient data had been infiltrated by hackers.

The research was conducted in June, shortly after WannaCry ransomware forced the NHS to cancel thousands of operations and appointments across the country.

Tim Hearn, director of UK government and public services at VMware, said the health service is facing an uphill battle in keeping patient data safe against a backdrop of “more persistent and diverse threats”.

“It needs to modernise its approach and focus on protection from the inside out; this means investing more than the 10 percent of IT budget on security that it currently sets aside,” he added.

In July, the government announced a new £21m fund to protect the NHS’s 27 major trauma centres from cyber attacks. But there are more than 200 trusts that don’t qualify for the funding and it’s feared that many may be left behind.

One hospital trust’s CIO told the i newspaper in July that WannaCry was the price it paid “for a very long-term under-investment in IT infrastructure”.