NHS patients ‘at risk’ because of poor online practices


NHS patients are being put at risk because trusts are not protecting their data online, an investigation by Sky News has found.

It found a lack of investment in cyber protection by seven NHS trusts who were also using out of date systems.

The seven trusts, which serve more than two million people, spent nothing on cyber security in 2015, the joint investigation with security experts Hacker House found.

Hacker House was able to find misconfigured email servers, outdated software and security certificates, along with NHS trusts’ emails and passwords, through public searches.

Jennifer Arcuri, co-founder of Hacker House, told Sky News: “I would have to say that the security across the board was weak for many factors.

“Out of date SSLs, out of date software, it was very clear that you could bypass any number of these trusts just by doing the right recon online.

“So if I was an adversary looking to get into any of these trusts or take advantage or change, manipulate or send communications on behalf of a doctor, I could, just because the information was already there.”

Gary Colman, an NHS employee attached to the West Midlands Ambulance Service who conducts penetration testing of trusts, told Sky News: “It’s a game of cat and mouse to be honest.

“It’s ever evolving. And trying to stay on top as both a hacker, an ethical hacker, but also from the point of view of NHS IT teams, is just a huge task.

“We find varying levels of IT security within the NHS, and local government as well. Some organisations are very very secure, others need a little more attention.

“At the end of the day if someone hacks into an NHS trust, somebody could die.”

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Recommended for you

Leave a Reply

Your email address will not be published. Required fields are marked *