Nearly three-quarters of English NHS Trusts have limited or no training programs in place to teach staff how to use their mobile devices securely at work, according to a new Freedom of Information (FoI) request.
Secure content firm Accellion filed the request to find out more about levels of cybersecurity in the health service.
It found that smartphones and tablets were used in the workplace at 71% of NHS Trusts, but worryingly, similar numbers admitted to having no kind of formal training in place to keep data safe.
This is despite the risk of lost or stolen devices or other accidental data leakage via smartphones and tablets.
In fact, 80% of Trusts supply at least some staff with a mobile device, while staff at just over half of Trusts (59%) access patient records and other NHS data, the request found.
According to PwC’s 2015 Information Security Breaches Survey, 15% of large organizations had a data breach involving smartphones or tablets last year, a 7% increase from a year previous.
And accidents caused by employees or contractors accounted for 26% of breaches—more than organized crime (23%).
Apparently unlike many NHS Trusts, 70% of large organizations have now issued a policy to cover how such devices should be used, that report claimed.
Yorgen Edholm, CEO and president at Accellion, warned that hospitals could be exposed to even greater risk with the advent of wearable technology and the WYOD trend.
“Data breaches are continuing at an alarming rate, yet a cybersecurity mindset is still not ingrained at every level of the NHS Trusts. From the latest hire to the most tech-savvy employee, cybersecurity must be top of mind,” he argued.
“With the increasing use of wearable devices, employees are going to be the weakest link in the security ecosystem.”
Worryingly given their current security posture, 92 per cent of NHS Trusts questioned plan to use smartphones, tablets and/or applications to allow employees to shared content, in a paperless initiative set for 2018.
Photo © Oleksly Mark