NHS facing a financial crisis ahead of GDPR implementation

Hackers may target new NHS tech to steal patients' medical records

New research from Digital Health Intelligence has revealed that only 55 percent of NHS Acute Trusts and 47 percent of mental health trusts have plans in place to comply with the upcoming General Data Protection Regulation (GDPR), meaning that around half of such institutions have yet to create implementation plans for GDPR.

Information obtained by Digital Health Intelligence via a Freedom of Information request has revealed that 46 NHS Trusts have so far spent a combined £1,076,549 in order to implement GDPR, with the Luton and Dunstable Hospital Foundation Trust and the Lincolnshire Partnership NHS Foundation Trust spending in excess of £100,000 each.

Other NHS Trusts that also set aside significant sums for GDPR implementation included South Central Ambulance Service NHS Trust, St George’s University Hospitals NHS Foundation Trust, Sheffield Teaching Hospitals NHS Foundation Trust, and the Dorset HealthCare University. Most of their investments were geared towards training staff to effectively manage and secure sharing of confidential patient records and data.

Such NHS Trusts have also spent a lot of money in the recent past on information security management systems, data flow mapping licences, software training, and configuration consultancy. However, there are also some NHS hospitals, such as Royal Derby Hospital, Goodmayes Hospital, and Alder Hey Children's NHS Foundation Trust, that spent as little as £500 each on securing email systems or staff training.

Impending financial crisis

Digital Health Intelligence added that even though the NHS has received generous funding over the years, with its expenses rising from £78.8 billion in 2006/07 to £120.51 billion in 2016/17 and £126.26 billion in 2018/19, it is still facing a financial crisis.

"Years of mismanagement, bloated administration and rising costs for social care, mean resources are at breaking point. It is against this backdrop that the NHS faces a new challenge which threatens to add further strain to its resources; the General Data Protection Regulation (GDPR).

"In addition, the complexities and legal landmines facing NHS chiefs as they implement changes to adhere to this regulation are immense," the firm added.

It recommended that in order to avert a crisis in the near future, the NHS needs to establish a national programme for managing and funding the GDPR and should ask for additional funds from the Treasury to strengthen its cyber security. At the same time, the government should provide dedicated legal advice to enable all trusts to gain free consultancy on implementation.

“GDPR aside, the NHS will remain a high-value target for attackers due to the highly sensitive nature and the number of the patient healthcare records it holds. It must quickly get their house in order – not only to meet the GDPR but also to guard against the next ransomware attack. The WannaCry ransomware attack hit the NHS less than one year ago and its effects were devastating," says Matt Lock, Director of Sales Engineers at Varonis.

"The challenges are real. Like many large healthcare systems, the NHS must deal with legacy infrastructure that was not designed to handle the volume of data and operating systems in use today. They’ve got to address and replace outdated and unsupported systems as a first step, and this costs money.

"Spending £1m seems like a large investment, but after this funding is distributed across hundreds of facilities throughout the UK, the amount is likely to be far less than adequate given the challenges facing the NHS. Organisations must stand accountable, address these issues and move forward quickly, perhaps faster than they may be accustomed to. Today’s technology and threats demand nothing less," he adds.


Copyright Lyonsdown Limited 2021
