The majority of UK adults (87%) are concerned about NHS data security, according to a survey commissioned by IT marketplace company Probrand.
A third (34%) became concerned after the 2017 NHS ransomware attack in 2017, which saw thousands of appointments cancelled and, according to the National Audit Office, more than a third of trusts in England disrupted.
“The research clearly indicates the ongoing reputational risk and damage of cyber threats like the NHS ransomware attack,” said Matt Royle, marketing director at Probrand.
“It has impacted perceptions of the wider public sector and beyond.”
The research comes ahead General Data Protection Regulation (GDPR), a binding EU regulation that aims to strengthen and unify data protection for individuals within the EU.
From its implementation on 25 May, companies that fail to comply will be liable to fines of up to €20 million, or 4% of global turnover.
“Importantly, as the depth of personal data has increased along with the threats to acquire this valuable data, the EU has applied measures to make organisations more accountable for data protection,” said Royle.
In response to the survey, security operations lead at NHS Digital’s Data Security Centre Chris Flynn said: “We are proud of our role in helping protect citizens’ data and maintaining public trust in the services the health and social care sector provide.
“We offer support and guidance on cyber security issues to health and care organisations through a range of services.”
He went on to list the steps that NHS Digital take to protect citizens’ data, including a weekly intelligence bulletin sent to staff identifying new and emerging threats, a dedicated portal for NHS organisations to demonstrate a plan for high-severity alerts, and non-intrusive vulnerability scanning.
Across NHS trusts, there have been over 200 on-site assessments and follow up reports, identifying problems to fix in local infrastructure.
The NHS also has a Custom support Agreement with Microsoft and is working with the National Cyber Security Centre (NCSC).
In the event of a major incident, CareCERT SMS will be used to send a text message to alert and update departments, as well as directing staff to NHS Digital’s external website for the latest information.
Probrand’s research, which surveyed 500 UK adults, found similar levels of concern with the Driver and Vehicle Licencing Agency (80%), the Police force (78%), and Her Majesty’s Revenue and Customs (85%).
The trend extended across the public sector as a whole, with 83% uneasy about sharing information with public sector organisations.
“Private and public sector organisations must reassure customers about the security measures they have and ensure best practice policies and procedures are in place to train and direct employees, encrypt, store, backup and transport personal and business critical data securely,” said Royle.
“Now is the time for organisations to bring their data protection up to speed and regain customer trust in the services they provide in doing so.”