NHS trust signals positive response to data security

A Somerset NHS Foundation Trust has increased spending on data security fivefold since 2012, an FOI request has revealed

The Yeovil District Hospital NHS Foundation Trust has increased spending on cyber security fivefold since 2012, a freedom of information request has revealed.

The data was obtained by security firm Veracode as part of a wider study to examine information security investment trends in the UK healthcare sector.

The major UK political parties have made financial pledges to support the health service ahead of the election, and digitisation of the health service is likely to be central to any pledge to make improvements.

At the same time, healthcare data is expected to become a top target in 2015 because it typically includes personal and financial data.

According to security firm Websense, there has been a 600% increase in attacks targeting healthcare data in the US in the past year because it is so valuable for enabling identity theft.

In an environment still transitioning millions of patient records from paper to digital form, many organisations are playing catch-up when it comes to protecting personal data.

Websense security researchers expect cyber attacks against the healthcare sector to increase in 2015, particularly because of the drive to consolidate and share data to improve services.

In the past year, NHS England’s controversial and delayed Care.data scheme for sharing patient records has highlighted concerns about information security in the UK healthcare sector.  

The health sector faces the unique challenge of ensuring that highly sensitive personal data is accessible in emergencies, while remaining highly secure, said Carl Leonard, Websense principal security analyst.

But the data from Yeovil demonstrates the importance the trust is placing on protecting confidential patient information, said Chris Wysopal, chief information security officer and co-founder of Veracode.

The data shows that total spending on information security technologies increased from £8,250 in 2012 to £41,546 in 2014.

In particular, the information provided by the trust revealed a significant new investment in mobile device management (MDM) in the past year.

Spending on MDM technologies increased from £37,825 in 2013 to £16,800 in 2014, representing more than 40% of the total data security budget. 

“As part of the government’s aim of creating a paperless NHS, more and more information on patients’ identities and their medical requirements is being held online in digital form, and it’s critical to prevent cyber criminals from accessing this sensitive information,” said Wysopal.

“With cyber attackers increasingly targeting web and mobile applications, it’s encouraging to see that the trust is taking the steps necessary to reduce the risk of data breaches by preventing malicious applications from being downloaded by employees onto their mobile devices,” he said.

Wysopal said investment in cyber security is understandably on the rise, as cyber attackers increasingly use more sophisticated tools. 

“At the same time, organisations rely increasingly on web and mobile applications to operate, which further increases the attack surface available to cyber attackers,” he said.

Read more on Privacy and data protection