The Audit Commission has published a report into IT abuse in the public sector, revealing that 47% of reported cases of misuse involved accessing inappropriate material over the internet.
The report, ‘ICT Fraud and Abuse 2004’, which covers NHS Trusts as well as police and local authorities, said that there was a sharp increase in people caught viewing inappropriate material such as pornography over the past three years. Around 16% of reported cases of IT abuse were in the healthcare sector, says the Audit Commission.
The main cause of the problem, according to the report, is a lack of knowledge and communication about IT policies to staff. However, employers also tended to think the impact of staff viewing questionable material was quite low. "Management needs to be unambiguous in what it regards as acceptable behaviour," the report argued.
"Wholesale reliance by organisations upon technology presents the obvious risk of the consequences of that service being deliberately disrupted," added the report, arguing that denial of service attacks, in which systems are clogged by floods of malicious traffic, are becoming an increasing risk for the public sector.
The increased use of new technology over the past few years, including wireless communications and PDAs, is also a cause for concern, particularly because 64% of those in the public sector consider them only low-to-medium security risks.
Although data protection breaches remained low, they were still an ongoing concern. Only 49% of public sector staff knew whether their organisation had a data protection officer. According to the survey, of the individuals who were disciplined for invasion of privacy, 71% were reprimanded and 29% were dismissed.
Wayne Stone, Deputy Director of Operations for the NHS Counter Fraud Service, told E-Health Insider: "The NHS Counter Fraud Service has had a number of successes in dealing with fraud cases that involve IT. The creativity of fraudsters and the development of new technology will always allow new opportunities for fraud to be created, and the NHS CFS has to be ever vigilant to identify and stop these potential new frauds.
"To take one example, a deputy director of Finance for an NHS Ambulance Trust was found to have fraudulently manipulated the electronic ordering system to order clothing for his personal use, later amending the electronic orders by switching off the auditing system.
"In addition some cases have involved falsifying the generation of prescriptions by members of staff who have manipulated IT systems to hide the prescribing, while other types of fraud include hacking into electronic phone switchboards and accessing numbers to call abroad."
Steve Bundred, chief executive of the Audit Commission, said: "ICT security is only as effective as the staff within the organisation, and too often we are finding that staff are unsure of their role. If we fail to get this right, we risk eroding the confidence of citizens in the electronic systems that underpin public services."
The survey was carried out at the end of last year among 407 public sector organisations, of which 86 (21%) were healthcare-related.