The Health Services Journal (reporting an investigation by More4 News) says that NHS computer systems were infected by more than 8000 viruses in the last year, most of which would have been avoided if the NHS Trusts concerned had kept their anti-virus software up-to-date.
This would be worrying enough (consequences described included the breakdown of patient appointment systems), but the complacent response of the Department of Health is breathtaking.
According to the HSJ:
“The revelation that NHS trusts have been poor at keeping their anti-virus software up to date has provoked concerns that they are vulnerable to viruses that could cause confidential patient data to be disseminated.
“But a spokesman for the Department of Health said the electronic patient records systems provided through the national programme for IT were “protected by the highest levels of access controls and other security measures”.”
However, my understanding has always been that once an individual machine has been compromised – depending on what malware has been installed – then all the data accessed or stored by that machine is potentially vulnerable. So if so many Trusts are failing to maintain up-to-date anti-virus software, then confidential patient data IS at risk.
The Department of Health spokesperson went on to say that:
“local NHS trusts were legally responsible for complying with data protection rules and were expected to record any breaches.”
So that’s all right then …….