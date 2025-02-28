Frontline and backend NHS staff alike all understand the role they have to play in protecting Britain’s health service from cyber threats, but only a minority believe that current safeguarding measures are sufficient, according to BT research that sheds light on cyber concerns, legacy system risks and training gaps across the NHS.

BT, which works with over 200 NHS trusts around the country, polled both health service workers and members of the public.

In the wake of several high-profile cyber attacks against NHS targets and suppliers, its study uncovered “strong public awareness” of how critical appropriate security measures are to keep the health service running, but also found that 60% of the public are concerned that critical systems could be disrupted or disabled, and 56% are concerned about their private medical data being exposed by malicious hackers.

Among NHS staff, it found that despite the near-universal acceptance and understanding of their responsibilities, only 36% believed the health service was currently adequately able to defend itself, and just 42% trusted that existing systems were sufficiently robust to protect sensitive data.

Additionally, 64% of NHS staff lamented “outdated” systems that they said make data hard to access and use, and 60% reported a lack of regular security training.

Natasha Phillips, former chief digital nurse to NHS England, founder of Future Nurse and BT Clinical Advisory Board (CAB) member, said: “In healthcare, cyber security isn’t just about protecting data; it’s about protecting lives. Nurses are often the first point of care. To deliver life-saving and compassionate treatment, they depend on easy access to secure systems.

“As we embrace digital innovation, we must ensure that all clinicians have the confidence, training and tools to work safely and free from disruption. Ultimately, building a resilient NHS requires a united effort, where technology, training and trust come together.”

Read more about cyber security in healthcare More cyber attacks against the health service are likely, and will succeed if something isn’t done to address the increasingly elderly NHS IT estate, experts are warning.

Healthcare cyber security and privacy experts predict a renewed focus on cyber-resilience, advancements in AI and additional privacy legislation going into 2025.

UnitedHealth's Change Healthcare attack continued to show the devastating aftermath of supply chain attacks. Experts say it could change contingent language for future policies.

BT director of healthcare Sultan Mahmud said: “The NHS is rightly focused on saving lives, so it can be hard to stay ahead of cyber security threats with the landscape shifting so quickly.

“Threats targeting healthcare have grown in frequency and sophistication, endangering patient care and compromising vital services,” he said. “BT logs 2,000 signals of potential cyber attacks every second , totalling 200 million per day across sectors. With over 1.7 million employees , the NHS is the UK’s biggest employer, so empowering this workforce is vital.

“Across the NHS, high awareness of cyber risk is overshadowed by a lack of preparedness. Moreover, significant frustrations with legacy systems are affecting care, exacerbating training gaps.”

Mahmud, who prior to joining BT worked across the NHS in various capacities – most recently as chief innovation, integration and research officer at Royal Wolverhampton Hospital NHS Trust – acknowledged the pressing nature of the cyber challenges faced by the health service, as well as the importance of collaboration to address them.

“Through initiatives like our Clinical Advisory Board and Vanguard Programme, BT Health is enabling collaboration between healthcare, policy and business to drive meaningful change,” he said. “A cyber-resilient NHS will be a better NHS for everyone.”