The lack of cyber security training that NHS trusts invest in has been labelled ‘alarming’
According to the Telegraph, around 25% of NHS trusts haven’t offered staff any kind of specialist cyber security training.
This amounts to just one person with professional security training per 2,628 NHS employees.
This is concerning for many, considering the impact of the WannaCry attack which some hospitals are still recovering from.
“Individual trusts are lacking in-house cyber security talent and many are falling short of training targets,” said Mark Nicholls, director of cyber security at Redscan, the company which made the Freedom of Information request to learn these worrying facts.
“The extent of the discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others.”
The Freedom of Information request found that spending on training varied enormously, with trusts investing anywhere between £500 and £33,000.
WannaCry was caused by North Korean hackers and cancelled around 19,000 appointments in May 2017. It cost the NHS at least £92m to handle the aftermath.
The attack created criticism of the NHS’s often outdated technology.
Nicholls said: “These findings shine a light on the cyber security failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances.”
NHS records are extremely valuable for hackers if sold online, meaning they must be better protected. In an attempt to improve matters, the government has promised to spend £150m on modernising computer systems and their subsequent security.