

By John Leyden, 30th September 2016 12:36

NHS trusts ‘complacent’ on cloud app security risks

Do we block unsanctioned ones? Well half of us think we do...

Almost half of NHS Trusts make no attempt to monitor cloud app usage, according to the results of a Freedom of Information request.

The same FOI by cloud security firm Netskope also revealed that fewer than one-fifth of NHS Trusts have visibility into all cloud app use, leaving sensitive data vulnerable to both risky apps and malicious behaviour.

The FOI request was issued to 80 of the UK’s Acute NHS Trusts, with 43 organisations responding. Just over half of NHS Trusts (53 per cent) who responded believe all unsanctioned cloud apps are completely blocked, yet at the same time fewer than one in five NHS Trusts (19 per cent) confirmed that all cloud app use is monitored.

A third (30 per cent) of respondents were unsure how many cloud apps – both sanctioned and unsanctioned – were used by employees. While a further 35 per cent were able to pinpoint a specific number of cloud apps in use, the figures given were extremely low at an average of just 10.4 cloud apps per NHS Trust. This is compared to the 824 cloud apps found on average in organisations across EMEA in studies outside healthcare.

The findings of the FOI fall against a backdrop of a push to make more use of mobile apps and wearable technology as a source of patient data combined with a growing appetite for sensitive medical data amongst cyber criminals.

Jonathan Mepsted, managing director UK at Netskope, said: “While the NHS has shown great commitment to digitally transforming the patient experience, our data shows a concerning lack of awareness – both in terms of the potential security threats stemming from the cloud and also the data being stored and shared by employees through cloud apps. Given the NHS deadline to go paperless by 2020 and the resulting push towards a digital-first strategy, NHS Trusts will need to ensure the correct security controls are in place in order to remain vigilant to the possible threats posed by cloud apps and take proactive measures to secure data in the cloud.”

Failure to get a handle on apps leaves hospitals at risk of breaching data compliance rules, Mepsted warned.

“Although apps offer significant productivity benefits, when left unchecked they can also pose serious risks for organisations such as fines for non-compliance and reputational damage. The healthcare sector in particular handles a huge cross-section of sensitive data, including large amounts of personally identifiable information relating to citizens’ health,” he added. ®
