New data released today highlights challenges faced by National Health Service (NHS) trusts in monitoring connected devices and meeting compliance requirements.

Armis, an asset visibility and security company, obtained this data through a Freedom of Information (FOI) request to NHS trusts.

The findings reveal that NHS trusts face difficulties tracking and monitoring Internet of Medical Things (IoMT), Internet of Things (IoT), and Operational Technology (OT) assets. Mohammad Waqas, Principal Solutions Architect at Armis, commented, “The introduction of connected assets to healthcare is driving innovation and ultimately improving the delivery of care. However, its adoption has expanded the attack surface that now needs more oversight than ever.”

Of the NHS trusts surveyed, 15% acknowledged they are not tracking IoMT devices, while 20% rely on manual processes or spreadsheets. For IoT devices, 33% of trusts admitted to having no tracking method, and 10% use manual processes. Additionally, 10% of the respondents do not track OT devices in their environment.

The research shows that the lack of visibility and monitoring could not only increase vulnerability to cyber-attacks but also hamper trusts’ ability to comply with regulatory demands. Trusts need to know what is on their network to start complying, and this is difficult without adequate automation and resources.

In the survey, 38% of trusts stated that they do not have sufficient staff to meet the demands, and 23% lack the resources needed to replace outdated or unsupported medical devices.

When it comes to Data Security Protection Toolkit (DSPT) assessments, compiling evidence was cited as the most significant challenge. Although 82% of trusts can respond to NHS Cyber Alerts within 48 hours, many face difficulties in addressing issues within the mandated two weeks.

Waqas concluded, “Although the NHS is working hard, there are still crucial gaps that must be filled when it comes to addressing visibility, automating processes and satisfying compliance requirements.”

Recent Armis research identified nurse call systems, infusion pumps, and medication dispensing systems as high-risk connected medical devices in clinical environments.

According to a statement from the company:

“Recent Armis research identified the top connected medical devices that posed a high risk to clinical environments as nurse call systems, infusion pumps and medication dispensing systems. For information on how Armis can help address those challenges please email [email protected] or go to https://www.armis.com/nhs/. And, to understand how Armis’ new DSPT specific compliance dashboards and reports can enable simplification of the DSPT process see a 2 minute demo here.

Armis will be attending Infosecurity Europe in London at the Excel Center on June 20-22, 2023 and will be located in booths W20.

Tom has spent the last 13 years working in the defence industry, specifically military and commercial shipbuilding. His work has taken him around Europe and the Far East; he is currently based in Scotland.

Ian
9 months ago

This is the same organisation that fell prey to a ransomware attack because someone thought it would be a good idea to keep using Windows XP on internet-connected devices several years after the OS went out of support. I doubt IoMT is even on their radar.

John Clark
9 months ago
Reply to Ian

Judging by the amount of NHS test results that disappear into the NHS digital ether, I think they would be better off moving to typewriter and carrier pigeon, more bloody chance of results getting through! My brother in law, sister in law and wife all had to get tested for the possibility of a hereditary heart condition back in February, all went on the same day to the same General Hospital, no results, no letters, no explanation, apart from all blaming each other for the lost results! Just “you had all better come back”…. Priceless, you couldn’t make it…

Geoff Roach
9 months ago
Reply to John Clark

I had a doctor, two nurses, a medical theater assistant (my wife) and a HR officer in my family. All now retired. The NHS have a lot of good people but my little crew could fill a book with the insanity that is the “modern” NHS. It has for all practical purposes had it and there isn’t one single politician with the balls to say so.

John Clark
9 months ago
Reply to Geoff Roach

Very sad Geoff, I know of a few people who absolutely broke their hearts leaving the NHS for private medicine, one a seasoned midwife and another long standing senior Nurse, both finally threw in the towel with the never ending insanity of the current culture and (it sadly has to be said) the amount of their younger colleagues swinging the lead and playing ‘the game’ for time off…. Hard working members of staff holding the whole thing up until they just burn out! Far more “stress related” absences these days, funny how you don’t get anywhere near the same…

Dave Wolfy
9 months ago
Reply to  John Clark

Spot on.

geoff.Roach
9 months ago
Reply to John Clark

Sad is the word John, and there is no one to fix it. There are, I think, ways that help could be better targeted but in the end it’s just a huge money pit that will swallow whatever is thrown at it. To my mind the first thing to do is remove politics. None of the political parties are ever going to fix the mess that the NHS is in and party politics should not be part of it. I don’t know what the format is. A Royal Commission? If I were Sunak I would stand up in the house…

Jim
9 months ago
Reply to  Ian

We should really use the defence budget to make sure the NHS IT systems are secure, clearly a role for our cyber warfare specialist here, perhaps then we can count NHS IT support toward our 2% of GDP on defence spending.

farouk
9 months ago
Reply to Jim

Jim wrote: “We should really use the defence budget to make sure the NHS IT systems are secure.” I can see where you are coming from, but for a completely secure network you have to start at the lowest denominator. I left the army 6 years ago and we were just migrating over to the new MOD net intranet from the Defence Information Infrastructure (Dii). Dii afforded users different levels of access and in order to gain those you had to undergo hours of an online teaching program (yearly) which culminated in a test and you had to pass each test to…

Expat
9 months ago
Reply to  Jim

I suspect that’s the entire defence budget spent then. 🙂

Mark B
9 months ago

This is the tail wagging the dog. The NHS should be setting standards (alongside other medical organisations worldwide) for security for systems & medical devices so that suppliers know that if they meet those standards their kit will be secure but also will be able to integrate easily within the medical environment. There are Government agencies that I’m sure should want to lead the charge on this whilst leaving the medics to do what they are good at. 😀 We are in a new world now guys. Software on platform A can talk to software on any other platform securely.…

Dave Wolfy
9 months ago
Reply to  Mark B

NHS are exactly the wrong people to set these technical standards.
The police don’t.

Mark B
9 months ago
Reply to  Dave Wolfy

Sorry Dave I should have been more specific. There are Government agencies who should be aiding and checking the technical stuff however the medical requirements should be set by the NHS. Once the standards have been set hardware and software suppliers should be able to move quickly to provide robust solutions for medical organisations especially the NHS.

Dave Wolfy
9 months ago
Reply to  Mark B

The police have NEP, as provided by the Home Office – I believe.
Presuming it is the same thing.

farouk
9 months ago

This subject highlights the sense of apathy engrained not only in the ranks of the Political elites who run the country regards security (Be it Defence, Policing or in this case Computers and computer networks) and the average person on the street who whilst happy to purchase an all-singing dancing computer (on which they shop, bank and communicate) are more than happy to have no anti-virus software or if they do will go for the free versions (which is better than nothing) but what makes this situation even worse for everybody is the lax security people subscribe to such as…

Dave Wolfy
9 months ago
Reply to  farouk

Pay peanuts, get monkeys.

Few people have the mentality to work for a public service for the sake of it, vocation is the term.

Everyone else, is expensive. Not many of those.

farouk
9 months ago
Reply to Dave Wolfy

DW wrote: “Pay peanuts, get monkeys.” If the NHS can hand over £70K a year for a diversity manager, they can afford to pay for somebody to look over their computer network. Not only that, but the NHS allows staff to retire and then has no problem rehiring them at previous wages whilst they receive their pension https://i.postimg.cc/yY5PpVgq/Opera-Snapshot-2023-06-20-190205-www-england-nhs-uk.png Contrast that with the army where if you leave after 22 years, receive your pension and then join up again as FTRS, you lose your pension (whilst you are back in uniform) and face cuts to your wages so you don’t…

Dave Wolfy
9 months ago
Reply to  farouk

Cannot disagree.

John Clark
9 months ago
Reply to farouk

You’re telling me Farouk, try no financial management! It runs like an old communist bloc command economy department, money thrown at it to ‘make it work’, if it doesn’t, throw some more and carry on chucking money until it reaches a size the economy can’t support (nearly there now), then finally as it starts to collapse under its own weight, privatisation, as there will be no other choice but to break up this enormous unreformed mega department…. What emerges is an NHS commissioning body, (free at the point of use), sending people to private hospitals for treatment and…

Jonathan
9 months ago
Reply to John Clark

Sorry that’s just not true..the NHS does not have money thrown at it..it gets very limited funding and it’s collapsing under trying to do too much with too little..we pay less per person per year than almost any peer….the private sector would never ever take on the health system at present cost envelopes….they want around 3-4 times more than the NHS gets paid…the government pay the NHS around 3-4k for a knee replacement…the private sector charge 12k. For a knee replacement… even this is suppressed because people can still get it for free on the NHS…in the US a…

John Clark
9 months ago
Reply to Jonathan

Hi Jonathan, It’s an interesting one, as mentioned below, being an employee of the NHS brings many perks, way over and above the base wage and excellent pension, perks that are un-dreamt of in the private sector. For the record, I don’t believe the NHS should revert to a service led private model, it’s a simple fact that it is going to happen, as the current rate of finance and (I’m afraid to say) poor performance, shows a model that’s not working and is steadily heading off a cliff. £160 billion a year is no trivial amount of money, let’s…

Jonathan
9 months ago
Reply to John Clark

John the NHS is the epitome of a public private sector model, the NHS as most people understand it does not exist, it’s not a monolith, it’s actually around 20000 companies and organisations bound by contracts, the vast majority of those organisations are private (GP practices are not NHS organisations they are independent businesses). Out of hours providers are all private sector organisations (NHS 111 is totally private). The big issue are the hospitals..it’s a simple fact the NHS will not pay the money the private sector requires to run a modern hospital…we pay peanuts…160 billion is…

John Clark
9 months ago
Reply to Jonathan

Morning Jonathan, I appreciate your knowledgeable viewpoint, the bottom line is the NHS as currently structured and organised simply doesn’t work. The NHS budget is interesting, as we push steadily towards 200 billion a year (we can expect Labour to do that). It becomes unaffordable, especially in light of government wider ‘massive’ social spending and borrowing exceeding our GDP to pay for it… If your viewpoint is right, then an additional 40 billion won’t do a bloody thing anyway, that’s quite something, an amount of money equivalent to our entire defence budget will do little to nothing! That sir is…

Jonathan
9 months ago
Reply to John Clark

hi John the unfortunate truth is our system is not the profoundly broken thing it’s actually our perception of the cost of healthcare…we simply cannot accept how much it costs…that’s because our system is politically run and we get it free at the point of delivery, don’t get a bill and don’t understand how much or how little we pay for health from our taxes..if we want to have a western standard health system to the level of say Germany we are going to have to pay for it…as I said the Germans pay half a trillion dollars a year…

John Clark
9 months ago
Reply to Jonathan

Morning Jonathan, many thanks for your interesting and always knowledgeable perspective…. It’s a rather grim perspective isn’t it, what’s to be done I wonder. If politicians were honest about it, it looks like the way forward would be a wholesale reform of the NHS (being honest about what we expect it to do and not do), privatisation of parts of it, coupled with a doubling of the budget thrown in…. Apparently we have upwards of 6 million economically inactive (or close to) people in the UK, we have employed people paying large sums in NI payments a month…

Jonathan
9 months ago
Reply to John Clark

Yes social care…another system in which the British public wish to pay nothing and expect everything…. personally I think we need to go down a social insurance system in which everyone pays into a pot (not general taxation) that supports a completely independent health system…the health system sets the rates and agrees what is provided for those rates with a Large national health forum (that’s how Germany does it)…if you have a reason you cannot pay (say you don’t have capacity, the government pays for you). The health and social care are so interconnected they should be…

John Clark
9 months ago
Reply to  Jonathan

Totally agree mate, political forces on both sides have kicked that ball down the road for years.

Time for a bit of joined up thinking by grown ups and separate both Social care and the NHS from bloody politicians ….

Expat
9 months ago
Reply to John Clark

The ex head of BMA stated the NHS will consume the entire UK GDP by 2070. Of course it will be unsustainable long before that. But politicians can’t actually have grown up conversation on the NHS, its value as political capital is far too high. So my view is continue to suck others government budgets dry and damaging other parts of the economy before the politicians stop using it for their own ends and restructure it. But by then a lot of damage will have been done.

Jonathan
9 months ago
Reply to Expat

Unfortunately Expat..there is a simple truth we all want to live as long as possible…that means the demand for healthcare is unlimited….that’s why the US spends 4 trillion a year on it and close to 20% GDP the only limit the US put on healthcare is the individual’s ability to pay…we place strict controls….but we as the public then expect unlimited resources…..I don’t really care what the public decide, I’m beyond it but at present they are being fed BS by Politicians and the media…you cannot have unlimited Healthcare requirements….while not paying for it….then wonder why your health care professionals…

Jonathan
9 months ago
Reply to farouk

Yes but the NHS pension age is 67…this is basically to encourage the old to stay in work..this is basically to try and keep GPs and other senior clinical staff working..as it cost £200,000 to train Dr and then another 500,000 to get them to GP level…essentially after other training each of those retired GPs is walking away with an easy million pounds of training…so if we can keep them for a few more years….it’s fiscally sensible to do so…quite frankly one of the armed services big issues is its inability to retain the knowledge and training of its seniors.…

Paul R
9 months ago
Reply to  farouk

The problem is cuts to training budgets in 2010 which decimated training and has left the service dependent on retired and imported clinicians.

Expat
9 months ago
Reply to Dave Wolfy

I think if you look at total cost of employment between public and private sectors there’s not much difference. For instance for most in the private sector to get the same level of pension security as say NHS staff would need to sacrifice bigger portion of their salary. NHS pays a whopping 20% into the employees pension. Private sector employers pay 3%. Another example is 33 days annual leave after 10 years that’s 25% higher than the private sector which normally gives 25 days irrespective of time served. Then there are car loan deals, the blue light card, remember if you…

Dave Wolfy
9 months ago
Reply to  Expat

Agree with most of that.
Although, we have technical posts unfilled in our part of the public sector, for over five years.
When we train people from scratch they run off to the NHS.
People leaving for the NHS in droves.
We cannot get even CCNA qualified people to come to interview, CCNP – Ha! Ha! Ha! Ha!

Jonathan
9 months ago
Reply to Expat

Hi Expat, NHS fleet solutions is not really a benefit, when you compare it against normal deals it’s no better or worse….the big issue with it is the NHS no longer pay you a reasonable mileage figure….I don’t actually know anyone who has a car from fleet solutions….TBH…the only time it’s actually any good is if you’re a higher rate tax payer and you take salary sacrifice and go for an electric car……most of the benefits on that website are simply private sector offers to generate sales from a big group of people it’s got nothing to do with the…

Expat
9 months ago
Reply to Jonathan

Didn’t MFI stand for Made for Idiots 😀. 20 years ago you would have good pensions etc in the private sector, That’s all gone now, there’s some outliers who still offer better than average benefits, mostly to existing employees. And also people like me lost pension in the private sector because they went under, lost my first 10 years of paying into one scheme then the fund went under, on paper it offered 2/3 final salary. My job, company pay 3% pension, that’s it, No option for a discount card at all. Get a car allowance but it’s taxed so…

Jonathan
9 months ago
Reply to Expat

Indeed it was better in our day… re the car..and dropping the allowance, that’s what the NHS does…I cannot remember exactly what they drop it to…but it’s somewhere close to that 12p per mile silliness…add in the car tax costs…it’s just giving the government some money…which is why no one takes the NHS lease cars…As for MFI, they were honest to god a really good company to work for….lots of life long staff ( I even did part time sales work for MFI when I worked for the NHS as they paid better in the early days of my nursing…

Ian
9 months ago

I think the NHS has lost its way, more and more staff joining straight from universities…. Nurses now needing a degree, coming out with huge debt and wanting huge pay rises

Dave Wolfy
9 months ago
Reply to  Ian

I doubt that technical support staff join straight from universities, if they do, competence is the problem.

Jonathan
9 months ago
Reply to Ian

Yep and that’s the basic standard, modern nursing is a profoundly complex role….that degree provides nothing more than the essential requirement of 2000 hours practice and 2000 hours theory to give you the foundation stones only..it actually takes around 5 years to get a reasonably competent staff nurse who understands their specific specialty…you need another 5 years for an enhanced role nurse and another five years after that for an advanced practitioner. Nurses actually really only want the same sort of pay as Tesco workers have been given…. If the health system was a market driven they would have had…

Expat
9 months ago
Reply to Jonathan

Will they drop the NHS benefits to match Tesco? I don’t believe Tesco pay 20% into their employee pensions or provide 33 days leave after 10 years or will the NHS drop sick pay to 16 weeks (1 week for each year up to 16 years service!)? If I’m on 40k at Tesco I need around 46.5k to match the pension contribution alone. Another 2k for the extra leave. Better measure would be cost of employment which includes all the benefits. If NHS staff want the same deal (pay + benefits) as the private sector they need to be careful…

Jonathan
9 months ago
Reply to Expat

Interestingly Tesco had a defined benefits pension scheme open well after the NHS closed its scheme..that last NHS defined benefits scheme closed in 2015 Tesco closed their final salary scheme to new members in 2021/22. As for who pays what. You have to remember that there is no NHS pension fund…the money that is paid in that year’s contributions pays the pensions for that year and then any excess money is sent back to the treasury…so last year 10% of the money was sent back to the treasury. As for contributions, you also have to remember that Tesco employees pay…

Expat
9 months ago
Reply to Jonathan

That was some rant. Notice I never said people don’t deserve more but I wanted to point out that it’s not apples with apples. Yes some employees get overtime. Generally hourly paid get overtime but salaried employees don’t, I don’t. If a customer calls I have to answer or get involved in work issue out of hours then I work. Loads in the private sector work extended hours without pay. I have been in the situation where I have had to pay from my own pocket for a relative who was very ill it was a 5 figure sum, my…

Jonathan
9 months ago
Reply to Expat

Personally I think the funding by taxation is the busted model because politicians will simply not tell the truth and convince the public they can have a Bentley for skoda money….I would like to see a system such as Germany when an independent body sets the compulsory insurance costs and what you actually get for that…Germany still controls its costs so it does not let market forces rip as the US system does but it provides realistic funding to the health system ( half a trillion ish not the fantasy amount the Treasury make up or the fantastical service requirements…

Jonathan
9 months ago

The simple fact is the NHS is damned to hell and back for spending money on management costs…surprise Surprise if you don’t have IT, information governance and digital security management..you get this. Essentially the NHS is pretty much entirely focused on managing sick people today and very little else at the moment…because that’s what the Government has told it to do ( the government are actually accountable for the NHS and tell it what to do and how much money it has to do it and how that money will be spent, and it’s not telling us to spend…

Expat
9 months ago
Reply to Jonathan

The problem is the government and always will be. The reality is these issues are solved in other countries and large organisations and there’s commercially available systems that will break the back of the problem meeting 95%+ of the requirements. I worked for a larger private sector company who had 400 systems connected and millions of transactions between them daily. I suspect the issue is the same as the MOD’s – bespoking and gold plating requirements meaning off the shelf systems don’t fit or need to be heavily customised = large sums of money and adding new feature compromises the…

Jonathan
9 months ago
Reply to Expat

Expat that 400 systems and 1 million transactions a day, it’s literally insignificant compared to the scale of the data issue..NHS in England alone is made up of over 20000 different organisations and companies..and many of those will have many hundreds of systems…. there are 570 million interactions with patients in any one day..creating a number of different records and exchanges of information that’s trillions of set of information exchanges each day every day 24/7..not only that as the NHS is not a single organisation but around 20000 organisations it’s in constant flux with the systems undergoing massive changes every…

Expat
9 months ago
Reply to Jonathan

I don’t doubt what you’re saying but I doubt all those systems need to be connected in real time. Secondly you don’t actually connect each system to each other, modern enterprise service bus (ESB) will drastically reduce transaction volumes, a source system will send one message to the ESB, the ESB sends it on to the required systems. So let’s say an address change, this gets sent once not 20000 times to 20000 systems, this vastly reduces the load on the systems. If you like have a bit of read up on ipaas technologies (Mulesoft, Tibco Boomi)

Jonathan
9 months ago
Reply to Expat

Hi expat the biggest problem is that because it’s healthcare information we are not actually allowed to automate sharing, there always has to be a human in the loop of every information transaction making decisions on what should be shared using legal and ethical framework…..as well as ensuring the patient has given permission….this is what really breaks the system to be honest..also the type of information to be shared and who with…will change with each and every transaction. The other big problem is that people don’t really understand that the NHS they think exists does not, there is no real…