This report is published at a time where cyber security is becoming a significant threat to the NHS. Over the next 12 months, NHS IT leaders expect cyber security threats to become a growing issue and a subject to more attacks, leading their organisation to increase spend in this area. The Digital Health NHS Cyber Security Survey Report, 2016 provides invaluable insight into types of cyber security attacks impacting the NHS, mobile device threats, preparedness of staff for cyber security threats and overall perceptions of the impact of cyber risks on the delivery of services. This report also outlines the current and future priorities of surveyed specialists within the cyber security arena from trusts and boards across the UK.
In the first dedicated survey of NHS IT leaders on cyber security risks, a quarter said their organisation had suffered disruption of access to systems and data as a result of a malicious external attack in the past 12 months. Nearly a fifth (18%) said that disruption to systems and data had occurred in the past 12 months due to email phishing or spear-phishing attacks; almost half (43%) said their organisation had suffered CryptoLocker style attacks in the past 12 months; and over a third (37%) said that they were aware of a security breach caused by staff within their organisation.
Looking forward to the next 12 months NHS IT leaders expect cyber security to become a growing issue and to become subject to more attacks. The overwhelming majority of respondents (87%) said they expect cyber security risks to increase in the next 12 months.
They also expect that greater sharing of patient identifiable data and records across health and social care will create new cyber security risks. Almost three-quarters (72%) said they expect greater sharing to increase cyber security risks.
Greater sharing of data with patients through digital patient services, a key component of NHS policy in the Five Year Forward View and Paperless 2020, is also seen as creating new risks. Over three-quarters (77%) said they expect it to create new risks.
However, despite the clear expectation of increased attacks and new vulnerabilities the survey responses suggest that NHS organisations are struggling to respond to the current and emerging challenges of cyber security”