The UK's National Health Service (NHS) lost or misplaced nearly 10,000 patient records in the past year, highlighting the need for stronger security practices in the healthcare space in the wake of WannaCry and other attacks, according to a Monday report from think tank Parliament Street.
Some 9,132 patient records from 68 different hospitals had been reported missing or lost in the last financial year, the report found. University Hospital Birmingham topped the list, with 3,179 records missing or stolen, followed by Bolton NHS trust at 2,163 records. University Hospital Bristol saw 1,105 records lost, the report found.
"These incidents underline the need to improve security procedures around the management of health records within the NHS," said Barry Scott, EMEA CTO at Centrify, said in a press release. "With sales of health records on the dark web and identity fraud on the rise, the need to protect the privacy of patients whilst moving towards secure digital systems is both urgent and essential."
SEE: Cloud Data Storage Policy (Tech Pro Research)
The report collected information through a Freedom of Information request. It also found that the vast majority (94%) of NHS Trusts still use handwritten notes for patient record keeping, despite usually having an electronic record system in place, the report found.
Healthcare organizations are a top target for hackers, due to a lack of strong security systems and trained staff. The 2017 WannaCry ransomware attack hit the NHS particularly hard, affecting more than one third of NHS branches and leading the cancellation of 20,000 hospital appointments and operations, as well as patients getting diverted from emergency rooms unable to treat them. Some hospitals did not return to normal operations for weeks, as reported by our sister site ZDNet.
It's critical for every patient record to be treated as a high security priority, the report noted. The report offered the following two recommendations to the NHS to stay cybersecure:
1. Ban handwritten notes in hospitals
While it may be convenient to add a handwritten note to a patient's record, doing so leads to errors and potential security issues, the report said. The NHS should work toward implementing digital systems with records capture to avoid problems, it recommended.
2. Introduce a patient identity protocol
Patients should be offered up-to-date information about the status of their records, and the ability to access notes and updates from their healthcare professionals online, the report said.
The big takeaways for tech leaders:
- The UK's National Health Service lost or misplaced nearly 10,000 patient records in the past year. — Parliament Street, 2018
- 94% of NHS Trusts still use handwritten notes for patient record keeping, despite usually having an electronic record system in place. — Parliament Street, 2018
- 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)
- WannaCry ransomware report: NHS is still not ready for the next big attack (ZDNet)
- Ransomware: A cheat sheet for professionals (TechRepublic)
- Basic patching mistakes left NHS open to WannaCry attack (ZDNet)
- New cryptojacking attack uses WannaCry exploit to mine on Windows servers (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.