Nearly a Quarter of NHS Trusts Have No Qualified Cybersecurity Staff

By Gary Cutlack

Freedom of Information requests filed with the UK's network of NHS trusts appear to show that many are woefully unprepared for a future in which they rely on computers more than fax machines, with 24 of the 108 NHS trusts asked for staff data saying they have literally no one on the payroll vaguely qualified in technical cybersecurity matters.

Maybe they wait for a kid who's fallen off a scooter to come in with a broken wrist and get him to do it all? "This X-ray machine keeps mining bitcoin in a tab that no one can get to close, so make it stop and we'll give you the nice painkillers and a few to take home to sell to your mates," is probably what doesn't happen at all, because that would be wrong, and NHS staff are way more professional than that.

According to requests filed by e-security provider Redscan, there's a huge imbalance in security training provision between trusts, with some spending a few hundred on security training and others putting in as much as £78,000 per year. Boring old GDPR compliance training is by far the most common type of digital preparedness staff are taught. Redscan also found that trusts are failing to meet standards on information governance training, with only 12 per cent of trusts meeting the required standard that says 95 per cent of staff should have completed their IG training each year.

Hard to be too angry about this, though, as it's not really the main job of the NHS to stop hacks, is it? If each trust did employ a team of 20 highly-paid, full-time MI5 nerds to defend it from malware threats around the clock, there'd be even more outrage over wasted money. [Redscan via Techradar]
