Health Service Focus


Tackling old and new threats to data security

Source: NHE Nov/Dec 16

Andrew Rose, senior policy officer at the Information Commissioner’s Office (ICO), discusses what actions NHS organisations can do to improve their data security compliance.

Cyber-attacks are a growing concern in the NHS, but the majority of data security breaches are still down to manual issues, according to the ICO. 

Recently the regulator released its data security incident and trends statistics for Q1 in 2016-17, which, once again, showed that the health sector continued to account for the most data security incidents. 

Andrew Rose, senior policy officer at the ICO, noted that this is due to the combination of the NHS making it mandatory to report incidents, the size of the health sector, and the sensitivity of the data processed. 

However, the latest data saw a 26% increase in the number of data security incidents in the health sector compared to the previous quarter (from 184 in Q4 2015-16 to 232 in Q1 2016-17). 

Asked what the main incidents were, Rose explained that the top three included data being posted or faxed to the wrong recipient; loss or theft of paperwork; and data being sent by email to the incorrect recipient. 

“A lot of these incidents could be avoided,” he said, adding that improving training is one of the big issues that have come out of a number of its enforcements. 

“I think that organisations need to make sure it [training] is happening and is relevant to the job role if they can,” explained Rose. “It doesn’t mean designing a course for every department, but it should be something that is a little bit more nuanced than e-learning once a year. It also shouldn’t be done once and forgotten.” 

Earlier this year, Dame Fiona Caldicott’s review recommended that the CQC should integrate measures for compliance with updated data security standards into their ‘Well-Led Inspections’ regime. This is a move that the regulator is taking forward.

Rose added that the CQC picking up on information governance in its inspection regime “should help enforce the fact that this stuff needs to happen. You need to record that the training is happening”. 

The ICO policy officer added that NHS organisations must also look at the policies and procedures they have in place. If you think about things being sent to the wrong recipient, Rose said, is that the fact that someone has not been trained or isn’t there a procedure in place for them to follow.Although the regulator produces a lot of advice and guidance, which helps NHS organisations understand what the issues are in terms of data and helps them with the questions to ask, Rose noted that it won’t help them with what solutions need to be put in place. 

“That is where CareCERT comes in, and they have the link with the National Cyber Security Centre,” he said. “That should be a key route to support. 

“I think that is where NHS organisations should get the expert advice from CareCERT, because they are set up and geared-up to provide that.” 

Despite there being an increased threat of cyber-attacks, especially Ransomware attacks against the NHS, which should not be neglected, Rose told NHE that as well as putting measures in place to mitigate these threats, the NHS must address the issue that the “majority of incidents still come down to manual errors”.

Tell us what you think – have your say below or email


There are no comments. Why not be the first?

Add your comment


national health executive tv

more videos >

latest healthcare news

Lord Kerslake quits as trust chair in protest against NHS underfunding

11/12/2017Lord Kerslake quits as trust chair in protest against NHS underfunding

Lord Kerslake has resigned as the chairman of a major hospital trust in London in protest against historic underfunding in the NHS. The respect... more >
CQC praises ‘proactive’ Hartlepool services in care integration review

08/12/2017CQC praises ‘proactive’ Hartlepool services in care integration review

The CQC had praise for the health and care system in Hartlepool as it continued its programme of 20 targeted reviews of integrated care. The... more >
Government launches inquiry into Ian Paterson case

08/12/2017Government launches inquiry into Ian Paterson case

A national inquiry has been launched into the malpractice of Ian Paterson. Earlier this year the breast surgeon was sentenced to 20 years in pri... more >

editor's comment

25/09/2017A hotbed of innovation

This edition of NHE comes hot on the heels of this year’s NHS Expo which, once again, proved to be a huge success at Manchester Central. A number of announcements were made during the event, with the health secretary naming the second wave of NHS digital pioneers, or ‘fast followers’, which follow the initial global digital e... read more >

last word

The Refugee Doctor Initiative

The Refugee Doctor Initiative

Terry John, co-chair of the BMA & BDA Refugee Doctors and Dentists Liaison Group and chair of the union’s international committee, talks about a brilliant initiative that is proving mut... more > more last word articles >
681 149x260 NHE Subscribe button

the scalpel's daily blog

Ten lessons to support new care models locally

29/11/2017Ten lessons to support new care models locally

Anna Starling, policy fellow at the Health Foundation, offers the top 10 lessons for local leaders seeking to make systematic improvements across services, all based on first-hand accounts from vanguard officials. Redesigning health and social care services across traditional boundaries is not easy. Making change in complex environments, with differing professional viewpoints and varying organisational priorities while getting on with t... more >
read more blog posts from 'the scalpel' >


The equality equation that doesn’t add up

29/11/2017The equality equation that doesn’t add up

There’s a theory that innovation springs from embracing and valuing our differences, so why do we sometimes behave as though diversity of t... more >
CQC: Beyond traditional boundaries

29/11/2017CQC: Beyond traditional boundaries

Professor Ted Baker, chief inspector of hospitals at the CQC, discusses the mixed findings of this year’s major State of Care report. ... more >
A balancing act: commissioning in the new world of accountable care

29/11/2017A balancing act: commissioning in the new world of accountable care

Ruth Robertson, policy fellow at the King’s Fund, considers how CCG responsibilities and relationships will change and evolve as the NHS mo... more >
Mortimer: Waterproofing the NHS workforce

22/11/2017Mortimer: Waterproofing the NHS workforce

With the NHS facing worker shortages, tight budgets and major recruitment issues, Danny Mortimer, chief executive of NHS Employers, explains how ... more >
Realising the power of data

22/11/2017Realising the power of data

Nick Hirst, chief information officer at the National Institute for Health Research (NIHR) Clinical Research Network, outlines how his organisati... more >


Cutting through the fake news

22/11/2017Cutting through the fake news

In an era of so-called ‘fake news’ growing alongside a renewed focus on reducing stigma around mental health, Paul Farmer, chief exec... more >
Tackling infection prevention locally

04/10/2017Tackling infection prevention locally

Dr Emma Burnett, a lecturer and researcher in infection prevention at the University of Dundee’s School of Nursing and Midwifery and a boar... more >
Scan4Safety: benefits across the whole supply chain

02/10/2017Scan4Safety: benefits across the whole supply chain

NHE interviews Gillian Fox, head of eProcurement (Scan4Safety) programme at NHS Supply Chain. How has the Scan4Safety initiative evolved sin... more >
Simon Stevens: A hunger for innovation

25/09/2017Simon Stevens: A hunger for innovation

Simon Stevens, chief executive of NHS England, knows that the health service is already a world leader when it comes to medical advances – ... more >
Improving care at the touch of a screen

08/08/2017Improving care at the touch of a screen

When it comes to dementia, having a calm and safe environment can have a substantial impact on a patient’s quality of life. NHE’s Jos... more >