12.12.18
Quarter of trusts spent no money on cyber security last year as NHS’s ‘alarming’ cyber training inconsistencies revealed
One in four NHS trusts in England and Wales are spending no money on specialist cyber security or training and trusts are consistently failing to meet training targets in the wake of the devastating WannaCry attack, a new report has found.
The NHS’s cyber resilience has been described as “alarming” and investment as “patchy at best” by cyber security experts as NHS trusts were found to be spending as little as £238 on cyber security training.
Redscan submitted Freedom of Information requests to 226 NHS trusts over a three-month campaign, with 43 confirming they had not allocated any funding at all for cyber security between August 2017 and August 2018.
Mark Nicholls, Redscan’s director of cyber security, commented: “These findings shine a light on the cyber security failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances.”
On average, trusts employ just one qualified security professional per 2,582 employees, and nearly a quarter have no employees with security qualifications.
The research found no correlation between the size of trusts and its cyber security spending, with trusts with up to 16,000 employees found to not have any formally qualified security professionals but others spending up to £78,000 on training.
The WannaCry ransomware attack cost the NHS £92m in lost appointments in May 2017 and from the IT support brought in to restore data and systems.
A £150m deal was announced earlier in the year to strengthen the NHS’s cyber security in response to the health service’s inadequate cyber resilience.
Nicholls said: “Individual trusts lack in-house cyber security talent and many are falling short of training targets; while investment in security and data protection training is patchy at best. The extent of discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”
He explained that as the cyber security gap continues to grow it becomes “incredibly hard” to find enough people with the right knowledge and experience, especially as they have to compete with wages in the private sector.
Image credit - mattjeacock
Enjoying NHE? Subscribe here to receive our weekly news updates or click here to receive a copy of the magazine!