Some might wonder why banking isn’t at the top. Surely, that’s where the big bucks are at?
But if you’ve been keeping up with our blogs, you’ll know that healthcare is not only a bigger target, but also one where breaches can occur more easily. It’s no secret that our National Health Service is struggling under immense pressure with increased patient numbers, continual budget cuts, and “overworked and underpaid” staff.
With these financial struggles comes the inability to afford top quality cyber security and updated operating systems, leaving the healthcare system wide open to breaches and attacks.
For healthcare institutions, the priority is usually to provide care for patients and save lives, and cyber security often takes a back seat even when healthcare providers are relying more and more on advanced digitalisation for more efficient access to medical records.
Unfortunately, this neglect of cyber security has taken its toll on hospitals, care centres and even universities that have health research facilities. According to recent investigations, a shocking 43% of all data breaches in the U.K. were from the health sector.
The Information Commissioner’s Office Study
The Information Commissioner’s Office (ICO) is in charge of investigating and enforcing data protection, yet despite the numerous fines and penalty sanctions, cyber security is still often put to the bottom of the priority pile.
The ICO’s study revealed that the main cause of data breaches is not hacking or malicious viruses, but human error. This was echoed across every industry in the U.K., with admin errors often to blame for data being mistakenly revealed, publicised or lost.
Whilst third party malicious attacks are still present, they’re often more publicised in the media than cases of staff accidentally sending an email that breaches data protection, or accidentally uploading patient information online. In 2016, between October and December, 221 breaches were reported as follows:
- Loss of paperwork – 24%
- Data sent to the wrong recipient by post or fax – 19%
- Data sent to the wrong recipient by email – 9%
- Failure to anonymise data – 5%
The other thing to remember about healthcare sector breaches is that, where malicious attacks are concerned, some operating systems in the NHS are outdated and lack the digital security required to keep new and evolving malware and viruses out of their systems. Old operating systems often receive no patches for protection, and they’re therefore more vulnerable to attack.
Not just the healthcare sector…
However, it’s not just the healthcare sector that needs to buckle up; all sectors have seen an increase in data breaches across the board. The number of data breaches and compromised data in the past few years has gone up in general, which could be for a number of reasons.
In this fast-paced world where everything is increasingly digitalised and simplified for our ease of use and access, we sometimes forget to put up the safety nets in case we take a little stumble. With the increasing use of technology, we need to make sure its accompanying security is just as advanced. It’s counterproductive to build a super-efficient motorway if a simple error can derail everything and cause a mountain of damage. Why should our computerised systems be any different?
There have, of course, been increases in the reporting of breaches too.
Advice from regulators
The ICO provides the following advice:
- Know what you hold and where: be aware of what personal data you hold, and map where it goes
- Ensure your staff have good awareness of basic security: this is key to reducing the number of serious data breaches
- Don’t forget training: the off-site nature of work of a large number of community healthcare roles means there can be a low uptake of training
- Develop guidelines for taking patient information off site: this is commonly an area of information risk, and it’s key that staff are thinking about how information is looked after when it leaves the office
- Ensure central oversight of the records management process: the wide geographic area covered by many organisations means records management can be fragmented and inconsistent