Confusion over data ownership in healthcare is the reason why the sector has a poor reputation when it comes to preventing data breaches and cyber security issues.
That's according to Dr Siraj Ahmed Shaikh, reader in cyber security and leader of the digital security and forensics research group at Coventry University, who was commenting in response to a report suggesting the healthcare and pharmaceutical sectors lag behind others in cyber security.
Dr Shaikh told Computing that while the report only "offers a partial view of the situation" IT and cyber security strategies within healthcare, particularly the NHS, do offer some cause for concern.
"Healthcare I find suffers from a poor reputation when it comes to IT deployments and project success, at least in the UK," he said, citing lack of data ownership as the main underlying reason for this.
"My assessment is that this is because of a lack of clear ownership in this sector: who owns the risk? Who is most likely to suffer in case of a breach? This in turn offers little incentive to the wider sector to find an optimal security balance."
Dr Shaikh also argued that the complicated nature of healthcare, combined with a lack of current government interest in fixing the issues, are further reasons as to why the sector is struggling with cyber security.
"Another visible reason is the highly complex nature of this particular sector in terms of data ownership, management and access, technological advances in diagnostic and health technologies - and their integration with other existing IT systems - and, more importantly, a lack of leadership and government interest," he said, suggesting the authorities are focused elsewhere.
"At a time when other critical infrastructures are under significant threats from disruption and espionage, we know why policy-makers are distracted from healthcare and pharmaceutical sectors," he concluded.
There have been a number of healthcare data breaches within the past year, including one at Great Ormond Street Children's Hospital, which saw sets of sensitive information improperly stored then sent to the wrong addresses.