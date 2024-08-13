Of the five missions outlined by Keir Starmer’s government in the King’s Speech on 17 July 2024, one stands out above all others in the minds of the UK public: ‘Building an NHS fit for the future.’

According to a recent Ipsos poll of 1,001 adults in Great Britain, 69% of respondents say that this mission is the most important to them. This is way ahead of the second-place response, ‘Making Britain’s streets safe,’ cited by just 35% as their top priority. It ranks far higher than the other three missions, which focus on economic growth (26%), clean energy (19%) and childhood opportunities (19%).

As a security specialist, this finding is striking because, without a significant rethink of how data relating to patients and their care is secured and managed, these longed-for improvements in NHS services remain frustratingly out of reach.

A better picture Of course, I recognise that improved cyber security and better data management are only part of a far wider picture. And that picture isn’t a pretty one, featuring countless backlogs and delays resulting from years of underinvestment. But hear me out. The UK public wants better care and patient outcomes from the NHS. I believe that if NHS resources - from appointments with consultants to the availability of MRI and CT scans - were more effectively shared across NHS trusts, then an uplift in patient outcomes would surely follow. A patient waiting months for surgery in Manchester, for example, might be more than willing to travel to Sheffield if it allowed them to have their operation more quickly. But for this scenario to work, data would also need to be shared more effectively across NHS trusts. And it’s no secret that current cyber security practices within the health service aren’t in alignment with that approach. Vast quantities of structured and unstructured data reside across a wide range of back-end systems, each allocated a particular purpose, whether that’s electronic health records, laboratory results, medical images and so on. Most NHS cyber security teams, as under-resourced and under-equipped as they are, must focus on locking down every system used by their specific trust to the best of their abilities, using a portfolio of different and often outdated security technologies. It’s an untenable situation and often proves inadequate when tackling security threats, as demonstrated by last summer’s cyber attacks on London hospitals, which disrupted services and compromised patient data. The Computer Weekly Security Think Tank on cyber policy Ameet Jugnauth and Mark Pearce of ISACA: Cyber lessons and policies for the UK's new government.

