Security Fears as Government Prepares £4 Billion NHS Project

Written by

Security experts have warned that new government plans to digitise the NHS could be undermined if cybersecurity is not improved.

Over £4 billion is to be spent on a new program to create a more efficient, IT-driven health service.

This will include £1.8bn to turn the NHS ‘paper-free’ and remove outdated technology like fax machines; £750 million to transform out-of-hospital care; and £400m to build new apps, an site and provide free Wi-Fi, according to the BBC.

The government hopes that putting more services online will improve the quality of patient care and save money, although the details of the project are still being worked out.

Once it is completed, everyone in the UK should be able to access their own electronic health record—which will be shared between relevant healthcare professionals—and upload medical data to it.

The government also wants at least 10% of patients to access GP services on their PC, smartphone or tablet by 2017, the report claimed.

But while around £1 billion is set to be spent on cybersecurity and privacy initiatives as part of the ambitious project, experts have warned that the track record of the health service on such matters has been pretty poor.

John Smith, principal solution architect at Veracode, cited research from the app security vendor last year claiming that 69% of apps it tested in the healthcare sector failed to meet basic security standards.

Just 43% of identified flaws were fixed.

“Healthcare apps were also found to have a particularly high prevalence of cryptographic flaws which is rather worrying given that encryption is one of the key technologies needed to protect sensitive data,” Smith argued.

“It’s vital that all applications which access confidential data are fully tested and protected from vulnerabilities which could be an easy target for cyber criminals wishing to damage the NHS or profit from the wealth of sensitive data it holds.”

Intel Security’s director of government relations, Gordon Morrison, added that the NHS faces serious security and privacy challenges in its quest for digitisation.

“That’s why it’s vital that the digital NHS plan is underpinned with a dedicated cyber strategy that can enable secure transformation that protects data from outsider threats,” he argued.

“This approach will mean doctors, nurses and patients can enjoy world class digital health services and operate with genuine confidence in the increasingly connected online world.”

What’s hot on Infosecurity Magazine?