Research finds that NHS cyberattack vulnerability could risk patient data

3 Oct 2019

Image: © bongkarn/

Research carried out at Imperial College London has called for urgent steps to be taken to secure the NHS.

A report presented to the UK’s House of Lords has warned that the country’s health service is continuously vulnerable to cyber threats, and has called for urgent steps to be taken “in order to defend threats which could risk the safety of patients in the UK”.

The research, carried out by Imperial College London’s Institute of Global Health Innovation, suggests that a combination of outdated computer systems, lack of investments, and a deficit of both skills and awareness is placing NHS hospitals at risk.

Personal health data has been found to be three times more valuable to hackers than credit card information, according to research by global cybersecurity company Carbon Black.

The authors of the report further stressed the need to incorporate security into the design of various cutting-edge technologies being used in medicine, such as robotics, artificial intelligence, implantable medical devices and personalised medicines based on an individual’s genes.

‘Weaknesses that compromise patient safety’

“We are in the midst of a technological revolution that is transforming the way we deliver and receive care,” said professor Ara Darzi, who led the research.

“But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel. For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS and therefore our nation’s health are secure.

“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyberattacks.”

The report outlines a number of key measures it hopes NHS trusts will implement to better secure patient data, such as employing cybersecurity professionals in hospital IT departments, building ‘firebreaks’ between different areas of the network so that certain segments of systems can be isolated in the event of an attack.

Eva Short was a journalist at Silicon Republic