Livingston firm exposes true extent of NHS data vulnerability

The potential for information to go missing within NHS Trusts could be wider than originally thought 

As the NHS battles back after a global cyber-attack, a new survey has revealed deep underlying problems in how it copes with data breaches.
That’s according to Crown Records Management, a records storage specialist based in Livingston, whose study found that 20% of healthcare organisations don’t have a comprehensive information governance programme in place and 76% don’t upgrade servers regularly.
Its research shows NHS Trusts are failing to invest in upgrading servers and do not always have robust policies in place to cope with breaches.
The survey, which polled IT decision makers in healthcare organisations, also found that:
  • A fifth say their organisation does not have a comprehensive information governance programme in place. Another 9% don’t know if it does or not
  • 74% do not regularly upgrade servers
  • 13% have already reported a data breach at their organisation
  • 16% either don’t know who to report a breach to – or are unsure
  • 7% don’t know what constitutes a breach
  • Only 43% are ‘very confident’ staff are adequately trained and aware of their responsibilities around preventing data breaches
The results come hot on the heels of a survey into preparations for the forthcoming EU General Data Protection Regulation, which will bring in huge fines for organisations which suffer a data breach after May 2018.
The figures showed that nearly a fifth of NHS Trusts had cancelled preparations for the Regulation in the mistaken belief that it would not apply to them after Brexit – and 9% admitted they didn’t even have plans to train staff on data protection.
John Culkin, Director of Information Management at Crown Records Management, believes the results are worrying.
He said: “The results show there is a lot of work to do in the NHS to protect itself against cyber-attack by keeping systems up to date and putting robust systems in place.
“For a fifth of IT decision makers in healthcare to say their organisation does not have a comprehensive information governance programme is quite shocking.
“But there are many other issues to consider, too. The potential in NHS Trusts for information to go missing is pretty obvious and this kind of data breach can be damaging – and costly – too.
“We have also found that many Trusts are blind to the potential for long-term information to become impossible to access in future if it is stored in formats that become obsolete over time. This may well be the next big problem to hit healthcare if servers are not upgraded and action is not taken to ensure long-term digital preservation of key data.
“It is certainly a tough time for the industry but also the right time to review information management and governance across all NHS Trusts and to take control of the problem.”
Sponsored by