This article is part of our Essential Guide: Healthcare cybersecurity risks and management

UK public increasingly concerned over NHS data sovereignty

Amid security concerns and AI advances, a majority of the British public still trusts the NHS to store and analyse their health data, but would prefer it remains domiciled in the UK

A series of damaging cyber incidents in which data was stolen or leaked from NHS organisations seems to have done little to dent public confidence in the health service’s ability to safeguard personal healthcare data, with 59% of 2,000 respondents to a VMware study trusting the NHS to do so.

However, amid increasingly pressing concerns about data security and privacy, and the growth in use of artificial intelligence (AI), VMware found clear majorities in favour of keeping their data stored in the UK (87%), and against any use of AI to analyse it, even if it helped improve their care (56%).

Out of those who stated it was important for their data to be stored in the UK, 39% believed doing so would ensure it is handled in compliance with the UK General Data Protection Regulation (GDPR) and other privacy regulations; 22% said they did not trust organisations in other countries to safeguard their data as well as the UK; and 21% thought keeping their data domiciled in the UK would leave it less susceptible to cyber threats from hostile countries.

VMware said that although many NHS and social care organisations use non-national public clouds – such as AWS, Google Cloud, Microsoft Azure and so on – that are deemed adequately secure by the UK, data held by such providers could still be subject to external jurisdictional control in some circumstances.

The firm noted that many business leaders share the same attitude, with almost half either very or extremely concerned about handing critical data to US-based cloud providers, and 62% concerned that their current clouds do not meet their data sovereignty requirements, according to research released in February 2023 by IDC analysts.

As such, VMware EMEA cloud evangelist Guy Bartram said consumer opinion clearly matters. “These findings demonstrate the increasing importance of data integrity and sovereignty in helping the NHS, among other highly regulated industries, realise and unlock the true value of their sensitive and critical data,” he said.

“By embracing cloud sovereignty, the NHS can build public trust and assertively maintain governance, fortify data protection and help unlock the true value of critical and sensitive patient data in delivering patient services.”

Eye on AI

Data sovereignty of course extends beyond where data is physically located, but also how it ends up being used and analysed by tech platforms, including AI.

VMware found a diverse range of opinions regarding the use of AI in healthcare, with 45% of respondents saying they were open to its use to improve NHS services, and 44% happy for the NHS to use AI if it meant they could get diagnosed quicker. A quarter, however, said they were against any use of AI in the UK health system.

Darren Adcock, senior product manager at Redcentric, a UK-based MSP that has worked extensively with NHS bodies, said: “While there are vast rewards to be harvested through applying AI to healthcare data, we have to remember that each datapoint relates to a patient, and every patient should trust that their privacy is maintained.

“By harnessing the power of AI and advanced technologies within a secure and sovereign cloud framework, the NHS ensures that groundbreaking advancements in healthcare never compromise patient privacy and trust,” he said. “Sovereign clouds serve as a pivotal enabler, allowing the NHS to drive progress responsibly, ethically and with the utmost dedication to patient wellbeing.”

Read more about NHS IT

Will Venters, associate professor of information systems at the London School of Economics, added: “Ongoing digital transformation and the increased use of emerging technologies such as AI have spurred both excitement for true innovation to revolutionise our NHS, but also a new urgency for how this boom in data will be securely managed and stored.

“With the increased use of multiple clouds to create, store and distribute apps – apps which the NHS relies on, from frontline clinicians through to optimising operations – it’s essential to patient trust that the NHS protects sensitive patient data, and this can be achieved by protecting it with sovereign clouds,” he said. “AI has created new data opportunities, so it’s critical the NHS can make better use of its data, to build a resilient and patient-centric healthcare system that the UK needs.”

Cyber training options for NHS

Meanwhile, networking specialist Cisco has opened the doors on a new branch of its Cisco Networking Academy (CNA), dedicated to helping NHS clinicians and staff improve their digital and cyber security skills – in support of the government’s NHS Long Term Workforce Plan, a focus of which is upskilling workers to operate in and protect digitised healthcare systems.

On offer will be a variety of self-guided and instructor-led courses targeting everything from cyber basics to more advanced skillsets and specialism in areas such as endpoint protection or network security.

Elizabeth Barr, head of CNA for the UK and Ireland, said: “To future-proof the NHS for the next 75 years, awareness of how to keep it safe from cyber attacks will be paramount.

“In collaboration with the Open University, the new Cisco Networking Academy for the NHS will help close the current cyber security skills gap, ensuring everyone is empowered to help safeguard the future of our health service, as well as acquire new and exciting skills in an increasingly critical field.”

Read more on Privacy and data protection