Share this article on:
Following the WannaCry ransomware attacks that crippled many NHS Trusts, Palo Alto Networks commissioned a survey with Vanson Bourne on 100 IT decision makers in the NHS. The aim of the survey was to investigate the current state of cybersecurity in the NHS, determine how the NHS is prepared for GDPR data protection rules, and gauge the level of patient trust in NHS data handling.
Data Security is Now Being Prioritized
Cybersecurity is a critical if the NHS is to realize the full potential of digitalization to make improvements to patient care and to achieve cost savings. 90% of respondents believe cybersecurity must be prioritized to achieve those aims and 83% said cybersecurity was essential to make significant long-term savings. On Average, respondents believed an average of £14.8 million could be saved each year with appropriate cybersecurity investment.
While data security is vital, there are other benefits to improving cybersecurity. 65% of respondents believe better cybersecurity would improve patient trust, 49% believe it would allow processes to be streamlined, and 45% believe cost savings could be made as a result.
While technology can be used to secure systems and data, end users must also receive training. 41% of respondents thought specific cybersecurity training should be provided to all staff, yet only 30% of administrators, 11% of doctors, and 6% of nurses who access IT systems have received cybersecurity training.
Concerns Over Patient Trust in NHS Data Handling
The recent cyberattacks have had a negative impact on patients’ trust in how the NHS handles data, although most respondents believed that on the whole patients do trust the NHS to ensure their sensitive data remains confidential. 81% of IT decision makers believe patients have a good or complete level of trust in how the NHS uses their data and 67% of respondents believe patients trust the NHS to store their data securely. However, a quarter of IT decision makers believe patients only have a minimal level of trust in how the NHS stores and uses their data and 16% of respondents believe patients do not trust the NHS as far as data use and storage is concerned.
Preparedness for GDPR Compliance Deadline
The GDPR compliance date is fast approaching, with all entities required to comply with the new directive from May 25, 2018. The survey revealed that IT decision makers in the NHS are well informed about GDPR changes with 95% of respondents aware of what they need to do to ensure compliance.
16% of respondents thought the NHS was already GDPR compliant, while 58% said they think that the NHS will be compliance by May 2018. However, 77% believe there is still some way to go to ensure IT systems are improved to ensure compliance with the data handling requirements of the new Directive.