In May 2017, the U.K.’s National Health System (NHS) realized it needed to improve security measures—not only for itself, but for the sake of patients’ safety—after being gravely affected by the global WannaCry cyber-attack. In Securing NHS Data in the Digital Age, Palo Alto Networks/Vanson Bourne study (Palo Alto Networks is Security Roundtable’s parent company) of 100 NHS IT decision-makers, every single respondent recognized the importance of keeping NHS data secure. But board members and C-level executives might wish to note that nine out of 10 NHS IT decision-makers also expect that prioritizing cybersecurity can unlock the NHS’s digital potential beyond cyber issues.
Cyber Consequences: For healthcare organizations, the consequences of cyber-attacks, such as ransomware, can be vast. In the NHS’s case, patient appointments and operations had to be canceled, costing the NHS millions of dollars each day and threatening patients’ lives. Another consequence was the inability to share records among different NHS branches, cited by 39% of responding IT decision-makers. This has potential to slow efficiency to a halt and, again, could be vital to the welfare of patients being transferred. Clearly, these consequences have direct monetary cost, but the impact on patient welfare is even worse.
Obvious/Non-Obvious Rewards of Redesign: Mitigating the effects of cyber-attacks is an obvious benefit of prioritizing cybersecurity. But what is more, 90% of survey respondents believe that prioritizing cybersecurity will unlock the NHS’s digital potential and bring more widespread benefits, including regaining the trust of patients who have lost confidence in how the NHS stores data about them. In addition, according to IT decision-makers surveyed, prioritizing cybersecurity as part of a complete digital system redesign will help streamline processes and improve the ease of doing online diagnoses—all of which will ultimately lead to long-term cost savings. On average, survey respondents estimated that the cost savings from improved cybersecurity alone would pay for 250 additional nurses and 150 additional doctors.
Importance of Cyber Training: While 41% of IT decision-makers see cyber-attacks as one of the biggest threats to the NHS, only 22% of those decision-makers believe front-line staff would say the same—suggesting that non-IT staff might not grasp the potential consequences outlined above. Further, even though 71% of IT respondents say they’ve received adequate cybersecurity training themselves, 92% say the NHS could use better cyber-security education, overall. In fact, just over four in 10 suggest that all staff be trained, as opposed to only IT staff. Organization-wide training could help all employees—from IT specialists to doctors and nurses—learn to prioritize data security as part of their regular routine.
Beyond the main purpose of keeping people healthy, security of the NHS’s ever-increasing volume of patient data is becoming more and more important. But data security and the welfare of patients goes hand in hand. Redesigning NHS systems to prioritize cybersecurity will help meet demands and save money, increasing the ability to more effectively and efficiently treat patients.
To download the full report, Securing NHS Data in the Digital Age, click here (simple registration required).