Historical underinvestment in IT systems and the growing value of personal healthcare information to cyber criminals is contributing to a rising threat of data breaches at hospitals. The challenge can seem daunting, but taking a controlled, risk-based approach can ensure cost-effective protection.
The latest figures on data breaches make sobering reading for managers across the healthcare sector.
The Information Commissioner’s Office (ICO) recorded more than 400 incidents involving personal data and 20 cyber security data breaches across the sector in a single quarter.
If those figures were not alarming enough then the penalties recently levied on organisations over data breaches certainly are.
The ICO recently fined British Airways and Marriott Hotels a combined £282m, the first it has levied under the new GDPR regime.
It’s worth noting that both those fines were significantly under the maximum penalty of 4% of turnover, which for a typical large hospital could be in the order of £25m and upwards.
The risk of such huge penalties means data security needs to be firmly on the risk register of every healthcare provider in the country.But while investment in cyber security has increased significantly across the NHS following 2017’s high profile Wannacry attack, pressure on budgets inevitably means IT spend is always competing with other local priorities.
The scale of the challenge – exacerbated by the fact that infrastructure and systems in the sector are often years behind latest best practice – requires an intelligent, cost-effective approach.
From our work across a wide range of industry and public sector clients, we know that attempting to resolve all the potential threats in one go is unrealistic and is also not a prudent approach.
To address the complex challenge of prioritisation of investment, we have developed a risk-based approach to developing and implementing data security.
The methodology, drawing on our deep experience in the energy and defence sectors, looks at the threats faced, the probability of those threats being carried out and the likely impact. This means hospitals can get a clear picture of how best to prioritise projects to improve security.
By taking this approach, organisations will minimise the risk whilst also making the best and most effective investment possible.
To find out more about Gemserv’s services within the Health Sector, please do contact us via the form below.