Date: 2018-12-11

A QUARTER of NHS trusts spent no money on specialist cybersecurity training in the past year, a Freedom of Information request has revealed.

Security outfit Redscan, which submitted FoI requests to 226 NHS trusts and received responses from 159, found that expenditure on cybersecurity training over the last 12 months ranged from less than £250 to nearly £80,000 per trust, with no apparent link between the size of trust and money spent.

A number of mid-sized trusts - ranging from 3,000 to 4,000 employees - spent anywhere between £500 and £33,000 in the 12-month period.

What's more, a "significant proportion" of trusts have spent nothing on specialist cybersecurity or GDPR training for staff, requiring only that all their employees complete free Information Governance (IG) training provided by NHS Digital.

The data - which has been exposed 18 months after WannaCry struck the NHS and forced the cancellation of 19,000 appointments - also reveals that, on average, NHS trusts have just one member of staff with professional security credentials per 2,628 employees, while some large trusts with up to 16,000 total employees have no formally qualified security professionals whatsoever.

These figures confirm that, so far, just 12 per cent of trusts have met their target of having 95 per cent of staff trained by NHS Digital in cybersecurity by the end of March next year.

Some trusts that were quizzed claimed they had staff members in the process of obtaining relevant security qualifications, which Redscan suggests is likely an indication of the difficulties hiring trained professionals.

"These findings shine a light on the cybersecurity failings of the NHS, which is struggling to implement a cohesive security strategy under difficult circumstances," quipped Redscan director of cybersecurity, Mark Nicholls.

"Individual trusts are lacking in-house cybersecurity talent and many are falling short of training targets; meanwhile investment in security and data protection training is patchy at best. The extent of discrepancies is alarming, as some NHS organisations are far better resourced, funded and trained than others."