A quarter of NHS trusts fail to finance cyber security

Freedom of Information (FOI) requests have uncovered huge discrepancies in cyber-security resources and training across NHS trusts, the Financial Times online reports.

The alarming findings show that one in four NHS trusts devoted no money towards shoring up cyber security or expertise last year, despite 2018 being a watershed 12 months in global data protection.

The alarming conclusions come in the wake of a recent report put together by cyber-security firm, Redscan, which investigates the problems healthcare faces as the industry bids to meet data protection challenges of the 21st century.

The report was built upon FOIs submitted to 226 NHS trusts, 43 of which said they had channelled no funding into cyber security between August 2017 and August 2018.

The trusts concerned have instead looked to NHS Digital’s provision of free training, which caters to the UK’s health service.

Three of the trusts to respond divulged that they splashed over £40,000 on cyber security over the prescribed period, while another respondent said that £78,000 went towards improving defences.

Analysis showed that spending allocations did not correlate with the size of the trust in question, and that a number of medium-sized trusts (employing between 3,000 and 4,000 staff) invested anything from £500 to £33,000 over the year.

The report also revealed that just one properly qualified cyber-defence professional is employed for every 2,582 employees across all trusts, and that 12 per cent of the trusts surveyed had managed to meet the current target of having 95 per cent of workers trained by NHS Digital in cyber security by the end of March 2019.

Speaking on behalf of Redscan, the firm’s director of cyber security underlined the obligation on the shoulders of the health service to orchestrate a more unified and consistent approach in the face of modern-day hacking threats.

“Individual trusts are lacking in-house cyber security talent and many are falling short of training targets. The extent of the discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others,” he said.

The findings come a month after MPs warned that UK security is being made more vulnerable for lack of political leadership and resources in sectors including hospitals, transport and energy.

The NHS was at the centre of a global cyber-hack scare in May of last year, when it was targeted by a hack later attributed to fraudsters in North Korea.

Speaking on behalf of the Department of Health and Social Care, a spokesperson said:

“Cyber security is a priority for this government and funding is provided to NHS Trusts based on their specific needs and capabilities.

“Over £60m was invested last year for critical infrastructure, and there will be a further £150m over the next three to improve resilience across the health and care system.”

