Trusts in special measures 3x more likely to be hit by cyber-attack – report

  • 26 May 2017
Trusts in special measures 3x more likely to be hit by cyber-attack – report
cyber prevention

Trusts that have been in special measures were three times more likely to be hit by the recent NHS cyber-attack, according to an initial report.

A report published in the British Medical Journal’s (BMJ) days after the cyber-attack, suggests there is a link between a trust’s cyber-attack susceptibility and its Care Quality Commission (CQC) rating.

Special measures is when a trust is found to be delivering inadequate care.

Amitava Banerjee, who wrote the piece and is a senior lecturer and honorary consultant cardiologist at University College London, told Digital Health News that “the main finding is that if you’ve been at some stage in special measures then you’re three times more likely to have been affected by the attack”.

“With the proviso, there are obviously trusts that have been affected to different extents.”

The letter said that between 2013 and 2017, 28 of the 153 acute trusts in England have been placed in special measures by the CQC.

Out of the 48 trusts affected by the cyber-attack, 37 were directly attacked and shut down systems as a precaution. Out of those 37, 12 were in special measures at some stage between 2013 and 2017.

The report described it as “crude, unadjusted odds ratio and there are limitations” including lack of detail on the severity of the attack, level of digital maturity and reason behind why each trust was in special measures.

One of the trusts that was still affected four days after the attack was Colchester Hospital University NHS Foundation Trust, a trust that went into special measures in November 2013.

Banerjee said that the results could show that “coming out of special measures is a longer process than we think, or that in order to come out of special measures you might have to, whether its cut costs or do things that do not encourage digital security”.

He said that the CQC could consider whether it was measuring the right things, and encouraging the right system behaviours, if the trusts are ending up with less cyber security.

In July 2016, the CQC reviewed data security across the NHS in ‘Safe Data, Safe Care’ with a recommendation to amend its assessment framework and inspection approach to ensure data security standards are being met.

The review also confirms that the CQC will amend its assessment framework and inspection approach to include the new data security standards recommended in Dame Fiona’s report

A CQC spokesperson said in a statement provided to Digital Health News that: “The package of recommendations that CQC made in last year’s Safe Data, Safe Care review were aimed at ensuring that providers took responsibility for data security seriously”.

She added that the CQC hopes to implement the new framework in June, and that since last July the CQC “have been working alongside NHS Digital on the development of CareCERT”.

Banerjee’s letter said that “events of last week [cyber-attack] will undoubtedly mean a far greater level of digital scrutiny during future CQC inspections”.

Banerjee described the letter as “hypothesis generating, rather than giving answers”, and said he would be taking the research further.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

Data published online following data breach at Alder Hey

Data published online following data breach at Alder Hey

A major data breach of Alder Hey Children’s NHS FT's online systems has seen private information published online and shared via social media.
Movers and Shakers news roundup

Movers and Shakers news roundup

Our latest Movers and Shakers roundup includes Sir Julian Hartley being appointed as chief executive for the Care Quality Commission (CQC).
CQC pledges to fix ‘poorly performing’ IT systems following review

CQC pledges to fix ‘poorly performing’ IT systems following review

The CQC has committed to fixing its regulatory platform and provider portal, following two reviews highlighting issues with its IT systems.

2 Comments

  • Agree with Nigel’s comments. Casual look at other trusts serving areas with similar social economic makeup appears to show they invested more in the back office.

  • If you divert main funding to front line and neglect to support the back office functions what do you expect?

Comments are closed.