The data was obtained by security firm Veracode as part of a wider study to examine information security investment trends in the UK healthcare sector.
The major UK political parties have made financial pledges to support the health service ahead of the election, and digitisation of the health service is likely to be central to any pledge to make improvements.
At the same time, healthcare data is expected to become a top target in 2015 because it typically includes personal and financial data.
According to security firm Websense, there has been a 600% increase in attacks targeting healthcare data in the US in the past year because it is so valuable for enabling identity theft.
In an environment still transitioning millions of patient records from paper to digital form, many organisations are playing catch-up when it comes to protecting personal data.
READ MORE ON IT IN HEALTHCARE
- Care.data – where next?
- Care.data goes ahead with CCG pilot
- NHS England unveils plans to deliver digital by 2020
- Interview: Tim Kelsey, national director for patients and information, NHS
- How the HSCIC rebuilt NHS Spine
- Electronic document management – a paperless cure for the NHS?
- CIO interview: Stephen Hale, head of digital, Department of Health
- NHS patients in England to have online medical records by April 2015
- NHS e-Referral service delayed until spring 2015
- Walgreens and Dunnhumby look to digital health in the cloud
In the past year, NHS England’s controversial and delayed Care.data scheme for sharing patient records has highlighted concerns about information security in the UK healthcare sector.
The health sector faces the unique challenge of ensuring that highly sensitive personal data is accessible in emergencies, while remaining highly secure, said Carl Leonard, Websense principal security analyst.
But the data from Yeovil demonstrates the importance the trust is placing on protecting confidential patient information, said Chris Wysopal, chief information security officer and co-founder of Veracode.
The data shows that total spending on information security technologies increased from £8,250 in 2012 to £41,546 in 2014.
In particular, the information provided by the trust revealed a significant new investment in mobile device management (MDM) in the past year.
Spending on MDM technologies increased from £37,825 in 2013 to £16,800 in 2014, representing more than 40% of the total data security budget.
“As part of the government’s aim of creating a paperless NHS, more and more information on patients’ identities and their medical requirements is being held online in digital form, and it’s critical to prevent cyber criminals from accessing this sensitive information,” said Wysopal.
“With cyber attackers increasingly targeting web and mobile applications, it’s encouraging to see that the trust is taking the steps necessary to reduce the risk of data breaches by preventing malicious applications from being downloaded by employees onto their mobile devices,” he said.
Wysopal said investment in cyber security is understandably on the rise, as cyber attackers increasingly use more sophisticated tools.
“At the same time, organisations rely increasingly on web and mobile applications to operate, which further increases the attack surface available to cyber attackers,” he said.