Only 36 percent of NHS staff believe current measures to protect their organisation from cyberattacks are sufficient, according to new research.
The research from BT surveyed both NHS staff and the public to explore sentiment around digital healthcare in the UK. It discovered that just 42 percent of NHS employees trust that existing systems are robust enough to safeguard sensitive patient data
The survey also pointed to the challenge the NHS faces from legacy tech. Nearly two-thirds (64 percent) of NHS staff report that patient data is isolated and inoperable due to outdated systems. These technological constraints threaten the ability of staff to deliver care safely and efficiently, said BT.
Also, despite a modest rise in training on new technologies (from five percent in our 2022 survey to 15 percent in 2024), training on both new and existing systems has fallen from 47 percent to 39 percent. Frontline staff report a lack of regular training, with 60 percent calling for more. This data suggests that training is mostly a one-off initiative, rather than an ongoing effort, which exacerbates risks and vulnerabilities.
Awareness of cyber risk overshadowed by lack of preparedness
The report also indicates there is strong public awareness of the importance of cybersecurity in keeping public health services running, with 60 percent of UK citizens concerned that critical NHS systems could be disrupted or disabled by cyberattacks. More than half (57 percent) worry about cyberattacks on the NHS, and 56 percent are concerned about patient data exposure.
If you liked this content…
In the Spotlight: South West London Integrated Care Board
How can NHS organisations comply with 2023 security regulations?
UK tightens requirements for IT suppliers with new cybersecurity bill
In the Spotlight: Lancashire and South Cumbria Secure Data Environment (SDE)
Essex NHS Trusts to roll out new £65 million Patient Record system
Encouragingly, 55 percent of the UK public rank training NHS staff in new technologies as a priority.
Commenting on the research, Professor Sultan Mahmud, director of healthcare at BT, said: “The NHS is rightly focused on saving lives, so it can be hard to stay ahead of cybersecurity threats with the landscape shifting so quickly.
”Threats targeting healthcare have grown in frequency and sophistication, endangering patient care and compromising vital services. BT logs 2,000 signals of potential cyberattacks every second, totalling 200 million per day across sectors. With over 1.7 million employees, the NHS is the UK’s biggest employer, so empowering this workforce is vital.”
“Across the NHS, high awareness of cyber risk is overshadowed by a lack of preparedness. Moreover, significant frustrations with legacy systems are affecting care, exacerbating training gaps. Having worked in the NHS before joining BT, I understand many of these challenges and the importance of bringing together leading minds. Through initiatives like our Clinical Advisory Board and Vanguard Programme, BT Health is enabling collaboration between healthcare, policy, and business to drive meaningful change.”
Professor Natasha Phillips, former chief digital nurse to NHS England, founder of Future Nurse and BT Clinical Advisory Board (CAB) member, added: “In healthcare, cybersecurity isn’t just about protecting data; it’s about protecting lives. Nurses are often the first point of care. To deliver life-saving and compassionate treatment, they depend on easy access to secure systems. As we embrace digital innovation, we must ensure that all clinicians have the confidence, training, and tools to work safely and free from disruption. Ultimately, building a resilient NHS requires a united effort, where technology, training, and trust come together.”
