A recent study concluded that, in January, almost 40% of data protection breaches in a particular healthcare sector were caused by hacking.
Although the figures are from one study, and the results are relevant for the area of the study, the risk of NHS Trusts, doctors and hospitals falling victim to a hack is a serious and ongoing concern.
The 2017 “WannaCry” cyber-hack that specifically targeted older and more outdated systems hit the NHS hard. In fact, the UK faced a practical crisis in the immediate fallout of the hack.
With the systems and software that the NHS use often being criticised for being out-of-date (which we can only assume is down to funding issues) the risk of a serious cyber hack is ever-present.
Malicious software like that used in the WannaCry incident targeted older and outdated systems because they were more vulnerable to attack. There is often a point where developers stop making new updates and patches for older and outdated systems and software because its expected that systems should have been upgraded / updated by then. But, where we have the NHS using older technology, those vulnerabilities can be left wide open to exposure.
Is the next NHS cyber-attack just a data protection breach waiting to happen?
Unless systems and software are kept up-to-date, anyone can be at a greater risk of being hacked.
Practically all computers and servers are now connected to the internet, so the door is right there for cyber-hackers to get through. In the same way that car thieves have been deterred by alarms and immobilisers, cyber-hackers need to be defended against by keeping systems secure.
So, unless the NHS shape-up when it comes to their cybersecurity efforts, it’s clear that they’re vulnerable to imminent attacks. Keeping systems updated costs money, so the next issue is how the NHS can afford to fund cybersecurity efforts.
But, when the new GDPR regulations come into force in May, they won’t have much of a choice. The costs in fines and penalties could be in the millions, and that’s surely not a risk that’s worth taking!
What you can do as a victim of an NHS cyberattack
When it comes to claiming for data protection compensation arising from cyber-attacks, the merits of the claim will often come down to what the organisation who has been attacked had done to ensure their systems were safe and secure.
It’s fair to say that no one is fully impenetrable, so we must look at these attacks on a case-by-case basis.
If it transpires that your private and sensitive medical information is compromised in an NHS cyber-hack, and the cause of the hack was that the NHS systems were not adequate enough, you may have a claim for NHS data protection compensation.
Having helped plenty of people claim for healthcare data protection breaches, we know how bad it can be when private – and often sensitive – medical information is breached, the problems can last a lifetime.