Seven NHS trusts spent nothing on cybersecurity in 2015

NHS trusts are putting patients at risk by neglecting cybersecurity, an investigation by Sky News has uncovered.

It found that trusts were using outdated software and security certificates, misconfigured email servers, while NHS trusts' emails and passwords could be easily found through public searches.

Jennifer Arcuri, co-founder of online security experts Hacker House who helped carry out the investigation, said: "It was very clear that you could bypass any number of these trusts just by doing the right recon online.”

When Sky News asked every NHS trust in Britain how much they had spent on cyber security in 2015, seven of them - serving more than two million people - had spent nothing.

Of the 97 NHS trust that responded, 45 were unable to specify their cybersecurity budget.

The 52 trusts that did revealed a postcode lottery when it comes to cybersecurity with the average annual spend for an NHS trust being £23,040, while six spent at least £100,000. 

Back to listing