What can Hospitals do to Avoid Cyber Attacks?


With reports of a rise in cyber attacks on English NHS hospital trusts in 2016, it’s a reminder that although hospitals need to protect their patients and staff from viruses, not all viruses are physical. Hospitals need protection from digital viruses as well.

The problem

Research by the Ponemon Institute in America discovered that 94% of medical organizations in the United States had experienced cyber attacks in 2013. Attacks in the UK are not at this level yet, but 55 NHS hospital trusts suffered from cyber attacks last year, compared to just 16 the year before.

NHS Digital supervises the organisation’s cyber security. It claimed that the figures do not necessarily represent an increase in attacks, but an increase in the reporting of attacks.

However, WannaCry made the public realise how vulnerable the NHS can be, and it is right to fear that unless security is strengthened, the number of attacks will continue to grow.

Many NHS administration procedures still use paper, but more procedures are set to be computerised in the future, which will increase the risks of cyber attacks.

There are several steps that hospitals can take to protect themselves.

Spend more money

Employing more cyber security personnel and installing security systems costs money. Oliver Farnan of the Oxford Cyber Security Centre argues that the NHS does not spend enough on cyber security. He said:

“Money is only really spent on security once everything else is up and running and in place… it always comes second.”

Create a security culture

Not all security measures cost a lot of money. Educating the workforce in order to establish a security culture can be achieved without breaking the bank. The staff need to think about security every day, and can be trained in how vulnerabilities arise.

Take backups

Many threats come from ransomware that encrypts files and demands money to decrypt them. If files are continuously backed up, any ransomware is all but ineffective.

Ensure mobile security

Cyber threats are not confined to the computer systems that hospital staff use. Increasingly, staff use mobile devices and need to be aware of privacy and security issues that affect them. In most instances, mobile devices should not be able to connect to the main hospital IT network.

Prepare for the unexpected

Most cyber attacks are not expected. As well as backups, recovery systems need to be installed. If a cyber attack cripples the hospital IT system, a recovery plan should get the system up and running again in a matter of minutes.

Keep physical devices secure

In a busy hospital, at any one time there will be hundreds of staff, patients and visitors who have access to areas where there is computer equipment. Equipment needs to be secure so that computer towers and monitors cannot simply be lifted up and taken away by unauthorised persons.

With the NHS looking to become paperless by 2020, hospital administration is becoming increasingly reliant on IT systems, and, as in any major organisation, cyber security personnel need to protect those systems from unauthorised access and cyber attacks.

You can read our own WhitePaper on the risks within the NHS “The Security Superbug – Patient data leaks on the rise” here.
