Investing in cybersecurity could save NHS £15 million annually

Money saved could pay for 400 more healthcare professionals

NHS IT managers, questioned about the importance of data security, told Palo Alto Networks that more can be done to cultivate a ‘robust' cybersecurity culture within the organisation. Such a culture is important to avoid or mitigate the effects of more WannaCry-like attacks on front-line services and can be achieved through training and education, they said.

Improving cybersecurity was described as ‘essential' to improving patient care within the NHS by 90 per cent of the managers questioned. 49 per cent said that it would streamline processes; and 45 per cent that it would lead to long-term cost savings.

Respondents estimated that investing in cybersecurity could save the NHS up to £14.8 million annually, on average - enough money to employ an additional 150 doctors and 250 nurses.

41 per cent of NHS IT managers felt that all staff should receive specific security training. Currently, such training was said to only be provided to certain job roles, such as administrators (30 per cent), doctors (11 per cent) and nurses (six per cent).

Almost two-thirds (65 per cent) of managers said that better cybersecurity would lead to higher levels of patient trust. Most felt that patients already have a good (81 per cent) or complete (67 per cent) level of trust in the NHS; but 25 per cent felt that trust was ‘minimal'. 16 per cent thought that patients put very little trust in how their data could be used by the organisation.

Improvements still to be made for GDPR

Palo Alto found that NHS IT decision makers are generally well informed about the upcoming GDPR. 83 per cent have had guidance from senior management about compliance, and 95 per cent said that they are aware of what is required for compliance.

Confidence was found to be relatively high, with 58 per cent of respondents expecting their own NHS organisation to be ready by March 2018. However, more than three quarters (77 per cent) are aware that their organisation's IT systems still need to be improved to ensure compliance.