Despite government pledges to up cybersecurity spending across the NHS, there are still huge disparities in cybersecurity skills and spending on cybersecurity training, a survey has revealed.
Many trusts are also likely to fail to meet training targets on information governance, according to the findings of a three-month FoI campaign by security firm Redscan that surveyed more than 150 NHS trusts.
The findings come after the government pledged to spend an additional £150m on cybersecurity in the wake of the WannaCry attack in 2017. A review of lessons learned from the attack, published in February 2018, called for both local NHS organisations and national bodies to improve their cybersecurity skills and resilience.
The FoI request revealed that NHS trusts lack in-house security talent, with an average of just one member of staff with professional security credentials per 2,628 employees.
The data shows that some large trusts (with up to 16,000 employees) have no formally qualified security professionals at all.
Several NHS organisations that employ no qualified cybersecurity professionals reported having staff members in the process of obtaining relevant security qualifications, which is perhaps an indication of the difficulties of hiring trained professionals.
The data revealed that cybersecurity and data protection training is patchy, with expenditure on cybersecurity training over the past 12 months ranging from less than £250 to nearly £80,000 per trust, with no apparent link between the size of trust and money spent.
On average, NHS trusts spent £5,356 on data security training, although a significant proportion conducted such training in-house at no cost or only used free NHS Digital training tools.
A significant proportion of trusts have spent nothing on specialist cybersecurity or GDPR training for staff, requiring only that all their employees complete free information governance (IG) training provided by NHS Digital.