Cyber security and the NHS in the wake of virtual outpatient appointments

Around 6,000 video appointments are taking place per day across health organisations.

Alan Bonfield, Director at Monmouth, explores what the increase in virtual outpatient appointments during Covid-19 and beyond means for cyber security

Virtual and video outpatient appointments have become the norm for many NHS and private patients since late March. It was already on the cards. The NHS Long Term Plan pledged to cut the annual 400 million face-to-face appointments provided by GP practices and hospital outpatients by one-third. However, Coronavirus has expedited this aim.

NHS providers all received access to video consultation technology as part of the Covid-19 response, converting thousands of outpatient appointments to digital ones. Around 6,000 video appointments are taking place per day across health organisations. There is also an impetus to better connect clinicians, healthcare providers and link-up patient data.

While this provides NHS trusts and GP practices with an opportunity to embed a more virtual-led approach into both primary and secondary care – it also has important implications for cyber security and protecting personal healthcare data.

In June, the National Cyber Security Centre reported an increase in cyber attacks on the NHS as hackers attempted to access sensitive data linked to COVID-19. Jeremy Fleming, director of GCHQ, said: “There is a lot of low-hanging fruit, still, in Cyber Security.”

He went on to explain that hackers were using basic vulnerabilities in NHS cyber security. “They’ll still try and use lures to get people to click on the wrong thing or will look for vulnerabilities where people aren’t backing up properly – or where they’ve got basic passwords and so on.”

There are two key areas where organisations can focus to improve/maintain their cyber security in the wake of increased technology use in the Healthcare sector:

  • Training and awareness of staff – Actions of individuals are an organisation’s biggest vulnerability when it comes to cyber security. Hackers intentionally attempt to gain access to systems by targeting members of staff via various routes including phishing and social engineering. Organisations that handle sensitive, personal and NHS data should ensure that staff are provided with regular security training and awareness to allow them to understand the risks and the signs to look out for.   Training can be supplemented with local campaigns that test staff reactions to phishing attacks through the use of simulations.

  • Infrastructure Security – Things change quickly in the world of technology and cyber criminals are becoming more sophisticated in their ability to exploit weaknesses in an organisation’s infrastructure.  An on-going programme of testing (vulnerability scanning and penetration testing) and remediation is recommended to ensure that an organisation maintains a secure environment and can assure its clients/patients that their data is secure.  

For more information about how Monmouth Partners are supporting organisations to protect NHS and healthcare data, visit , or contact Alan Bonfield, alan.bonfield@monmouthpartners.com, 07939129791.

This article only touches the surface of the enduring impact that Covid-19 will have on how the NHS does business.  There are a huge number of areas where customary business practice will need to rapidly catch up with what’s happened on the ground in the first half of 2020.

We will continue to explore these issues over the coming months.  In the meantime, if you’d like to discuss any of the points touched on in this article please get in touch.

How will Covid impact...

Are we now moving to Integrated Care Systems by default?

One of the most dramatic things coronavirus has done is force through health and social care transformation much more rapidly than has been possible before.

Covid-19 has highlighted how providers and commissioners can work together at a regional scale.  This is the time to capitalise on the response so far to ensure the health and care system is fit for purpose long term and works for patient populations at a health-economy level.

Are we now moving to Integrated Care Systems by default?

One of the most dramatic things coronavirus has done is force through health and social care transformation much more rapidly than has been possible before.

Covid-19 has highlighted how providers and commissioners can work together at a regional scale.  This is the time to capitalise on the response so far to ensure the health and care system is fit for purpose long term and works for patient populations at a health-economy level.

Latest content:

Before you Leave...

Subscribe to our mailing list and stay up to date with the latest from Monmouth Partners

Tracking the Pandemic and its impact

X