A quarter of NHS Trusts failed to finance cybersecurity measures last year


Research conducted by cybersecurity company Redscan found that one in four National Health Service (NHS) trusts across England and Wales invested no money into cybersecurity protocols to prevent threats and potential hacks.

According to the information collected, these trusts spent no money on internal training or on recruiting external talent to mitigate the risks, and instead relied on NHS Digital, which runs the whole of IT operations for the health system across the country, to provide them with free training.

The cybersecurity firm polled 226 NHS Trusts by submitting Freedom of Information (FOI) requests, which revealed that 43 had failed to allocate any money at all for cybersecurity measures, whilst 67 did not even respond. Only three spent over £40,000 on defence mechanisms, with one going the distance with £78,000 for additional layers of security.

The research demonstrated that there was no correlation between the size of the trust and how much funding was allocated for security. Medium-sized trusts, with anywhere between 3,000 and 4,000 employees, set aside a range of £500 to £33,000 for cybersecurity in the August 2017 to August 2018 period.

It was found that, on average, only one cybersecurity professional was employed for every 2,582 workers to maintain systems and prevent an attack, and only 12 per cent of all the trusts had reached their goal of training 95 per cent of all their staff under the NHS Digital cybersecurity guide.

Director of cybersecurity at Redscan, Mark Nicholls, said: “Individual trusts are lacking in-house cybersecurity talent, and many are falling short of training targets. The extent of the discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”

He advocated for a more consistent approach to implementing cybersecurity measures and training on a national level in order to holistically reduce the imminent threat of a cyber attack.

This research comes in the wake of the May 2017 WannaCry security breach, which impacted a number of international institutions, one of which was the NHS. In response, MPs warned just last month that the nationwide security instability was down to a lack of political direction and leadership, and that steps ought to be taken imminently to keep the threat of a future hack at bay.

A spokesperson at the Department of Health and Social Care said: “Cybersecurity is a priority for this government and funding is provided to NHS Trusts based on their specific needs and capabilities.

“Over 60 million was invested last year for critical infrastructure, and there will be a further 150 million over the next three to improve resilience across the health and care system.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related.