Two-thirds of UK healthcare organisations breached last year
Nearly three years after WannaCry laid waste to IT systems across the NHS, an apparent institutional failure to address lax cyber security measures has been highlighted by a new report from Clearswift, which has claimed that 67% of UK healthcare organisations experienced some kind of cyber security incident during 2019.
Clearswift – which is owned by US automation and security specialists HelpSystems – enlisted Vanson Bourne to survey IT leaders and decision makers in healthcare organisations, and found that 48% of all incidents were virus or malware infections that occurred through the use of uncleared and unsecured third party devices, such as internet of things (IoT) enabled equipment, or USB thumb drives.
Other factors in attacks on the health sector included the sharing of information with unauthorised recipients (39%), users failing to follow protocol or data protection policies (37%), and users clicking on malicious links in emails or on social media (28%), suggesting that user education in the industry is not being taken seriously either.
“The healthcare sector holds important patient data, so it’s alarming to see such high numbers of security incidents occurring in the industry,” said Alyn Hockey, Clearswift’s vice-president of product management.
“The healthcare sector needs to securely share data across departments and organisations to facilitate excellent patient care.
“With the proliferation of third-party devices in this process, it’s more important than ever that the industry bolsters its cyber security efforts to reduce the risk of everything from unwanted data loss to malicious attacks and focusses on keeping patient data safe and secure.”
Clearswift said the number of incidents also reflected serious constraints on IT spending capabilities in the healthcare sector, with under a quarter of respondents saying that they had “adequate” levels of budget allocated to security.
There was also a disparity between where decision makers were spending what little cash they had, and where it might be more usefully deployed. For example, 46% of respondents said they were investing in database security, but just 26% said they were paying into frontline endpoint security.
“Understanding what is threatening the safety of the critical data you hold is the first step in mitigating the risk,” said Hockey. “Therefore, cyber security strategies across healthcare organisations need to rapidly evolve to account for new threats against the sector.”
“While many aspects of staying secure come from keeping employees trained to recognise threats, technology should play a key role in helping reduce the risks that come with innovation. It’s not a case of ‘if’, but ‘when’ an incident occurs so investment is required to ensure healthcare organisations are prepared for any type of threat.”
However, said Clearswift, there were also encouraging signs that the healthcare industry might be starting to turn things around – and while too many organisations were still finding themselves attacked – boards were sitting up and taking notice, at least in part thanks to WannaCry, which 33% said had had a big impact on board-level involvement and spend in security. Others cited the American Medical Collection Agency (Amca) data breach of June 2019, which saw the details of millions of Americans leaked.
Previous research conducted by Clearswift has produced similar statistics relating to cyber attack volumes – whether successful or not – in other verticals.
Last year it revealed that 70% of UK companies in the financial sector had suffered some kind of security incident, and nearly half of these were caused by employee failure to follow their organisation’s security protocols or data protection policies.
source computerweekly
Industry: Cyber Security
Latest Jobs
-
- New Business Sales lead | UK - Cyber Security | New Logo sales
- United Kingdom
- Uncapped OTE
-
New Business Sales lead | UK - Cyber Security | New Logo sales UK Remote An established EMEA technology organisation is hiring a senior New Business Sales lead to take ownership of UK growth. An opportunity built for someone ready to take advantage of competitors who have taken their eye off the ball and turn that into sustained market share. This role is for someone proven. A self-starter who does not need micromanagement, knows how to win market share, and wants the backing of a larger business while building success their own way. You will lead and shape new logo acquisition, define and execute go-to-market strategy with regional leadership, and drive growth across cybersecurity, digital transformation, Microsoft modernisation etc. This is a new business sales role, with budget and full sales lifecycle responsibility. The goal being to build a wider a sales function beneath you as revenue scales. Experience across Financial services, manufacturing, industrial etc helpful. UK-based, remote-first, client-facing when needed. Competitive base salary with uncapped earnings.
-
- Business Development | Healthcare | Warm accounts | UK
- England
- N/A
-
Business Development | Healthcare | Warm accounts | UK Healthcare Cyber Security UK Based An experienced Business Development Manager is required to drive new cyber security revenue across a warm healthcare account base. This role is focused on new business and account growth, engaging healthcare organisations to understand risk, priorities, and operational challenges, and positioning appropriate cyber security solutions and services. Key Responsibilities Drive new business sales into a warm healthcare account base Develop and close new opportunities across healthcare organisations Build senior level relationships with IT, security, and procurement stakeholders Own the full sales lifecycle from first conversation through to close Work closely with technical pre sales and delivery teams Experience Required Proven B2B new business sales experience within cyber security or technology Healthcare sector experience desirable Strong consultative sales and closing capability Ability to achieve UK Security Clearance is required UK based with flexibility to travel What’s on Offer Warm accounts with new business focus Clear revenue ownership Competitive base salary with uncapped commission
-
- Technical Pre Sales Cybersecurity Consultant. Healthcare
- England
- N/A
-
Technical Pre Sales Cybersecurity Consultant UK Remote | Healthcare Focus Overview We are seeking an experienced Technical Pre Sales Cybersecurity Consultant to support healthcare organisations by delivering advisory, solution design, and security uplift services. This role focuses on improving security outcomes, addressing operational challenges, and enabling informed technology decisions across complex and regulated environments. The position blends technical pre sales expertise with a consultative approach, working closely with clinical, technical, and commercial stakeholders to shape effective cybersecurity solutions. The individual must be able to achieve UK Security Clearance. Key Responsibilities Provide technical pre sales support across cybersecurity solutions and services for healthcare organisations Engage stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and recommendations to strengthen security posture and resilience Translate customer requirements into clear, outcome focused technical and commercial solution designs Act as a trusted technical advisor throughout the sales and early delivery lifecycle Produce clear technical documentation, recommendations, and customer facing materials suitable for regulated environments Collaborate closely with sales, delivery, and technical teams to align solutions with customer needs Experience and Skills Proven experience in technical pre sales or cybersecurity consultancy Experience working within healthcare or other highly regulated sectors Broad knowledge of cybersecurity technologies, managed services, and risk based approaches Strong communication skills with the ability to engage both technical and non technical stakeholders Confident operating in a client facing, consultative role UK based role with remote working Occasional travel for customer engagement as required
-
- Contract Technical Pre Sales Cyber Security Healthcare. SC clearance needed
- England
- Outside IR35
-
Contract Technical Pre Sales Cyber Security Healthcare Outside IR35 Contract | UK Remote | Healthcare Focus Existing SC clearance is required. Overview Seeking an experienced Technical Pre Sales Cybersecurity Consultant is required to deliver advisory and uplift services across complex healthcare organisations. This Outside IR35 contract operates on a consultancy basis, focused on improving security outcomes, addressing operational pain points, and supporting informed Cyber Security decisions. The role combines deep technical pre sales capability with consultative advisory delivery, working across clinical, technical, and commercial stakeholders to shape effective and proportionate cybersecurity solutions. Responsibilities Provide technical pre sales consultancy across cybersecurity solutions and services within healthcare environments Engage senior stakeholders to understand security challenges, risks, and operational pain points Deliver advisory guidance and uplift recommendations to improve security posture, resilience, and maturity Translate healthcare requirements into clear, outcome focused technical and commercial propositions Act as a trusted technical advisor throughout the pre sales and early engagement lifecycle Produce concise technical documentation, recommendations, and advisory outputs suitable for regulated healthcare settings Experience Strong background in technical pre sales or cybersecurity consultancy Experience working with healthcare or other highly regulated environments Broad understanding of cybersecurity technologies, managed services, and risk based security approaches Ability to communicate complex technical concepts to both technical and non technical audiences Comfortable operating independently in a client facing advisory role