Redscan: NHS lacks cybersecurity knowledge

NHS cybersecurity knowledge

A series of freedom of information (FOI) requests from Redscan, a cybersecurity company, has revealed that NHS staff have a limited amount of cybersecurity knowledge.

Redscan revealed that the lack of cybersecurity skills is leaving the NHS at increasing risk of cyber attacks.

Redscan found that, on average, NHS Trusts employ just one member of staff with security credentials per 2,628 employees. It added that some large hospitals, with around 16,000 staff, do not have any staff with the relevant skills and qualifications.

“Individual trusts are lacking in-house cybersecurity talent and many are falling short of training targets,” said Mark Nicholls, director of cybersecurity at Redscan. “The extent of the discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”

According to the report, NHS trusts have spent an average of £5,356 on security data training over the last 12 months, but this did not include free in-house NHS Digital tools.

The report states that NHS Digital requires 95% of staff to undertake mandatory training every 12 months, but only 12% of trusts had met the 95% target.

The NHS's lack of cybersecurity protection was highlighted last year after the WannaCry attack cost the NHS £92m. NHS trusts were left defenceless last year because security recommendations were not followed.

Funding to improve NHS cybersecurity knowledge

In the wake of the attack, the government plans to give NHS trusts an additional £150m over the next three years, as part of their efforts to reduce the imbalance of cybersecurity knowledge within the healthcare sector.

“These findings shine a light on the cybersecurity failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances,” explained Redscan director of cybersecurity, Mark Nicholls.

“Individual trusts are lacking in-house cybersecurity talent and many are falling short of training targets; meanwhile investment in security and data protection training is patchy at best. The extent of discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”
