Survey suggests most NHS Trusts do not secure Wi-Fi

Lack of encryption on wireless networks could mean NHS Trusts are breaching data protection rules

Some 82 per cent of NHS Trust facilities do not encrypt their wireless network traffic, leaving sensitive data such as personal and medical records exposed to unauthorised users, according to the results of a survey conducted by research company Orthus.

Orthus randomly selected 40 NHS Trust facilities, and tested their networks on foot and on public transport to simulate a "drive-by-hacking attack". Once the source was identified, it was tested for the security characteristics of the network.

The results indicate that only 18 per cent of the Trusts tested were encrypting their traffic, leaving 82 per cent unencrypted and susceptible to attack.

"This survey found that, generally speaking, NHS facilities deploying wireless systems have done little to secure them - in spite of warnings," said the report.

"The majority of the systems we found were still on manufacturer default setting, with virtually no security defences enabled.

"The results of this survey are truly revealing. NHS Trusts deploying wireless technology seem to be doing very little to secure their systems, and their data can be potentially accessed by unauthorised personnel with very little effort," said the report.

"Clearly this has significant Data Protection Act implications."

Furthermore, almost half (47 per cent) of the Trusts had not changed the default settings for the systems prior to implementing them. This is a concern as default passwords for most manufacturers can be found on the internet.