
26.03.25

Comment: Software bug at firm left NHS data 'vulnerable to hackers'

 

Hi Claudia,

 

It has been reported that the NHS is "looking into" allegations that patient data was left vulnerable to hacking due to a software flaw at a private medical services company. The flaw was found last November at Medefer, which handles 1,500 NHS patient referrals a month. The software engineer who discovered the flaw believes the problem had existed for at least six years.

 

Commenting on this, Graeme Stewart, head of public sector at Check Point Software, said, “As any good GP would say, prevention is always better than cure. The second a flaw appears in a system holding sensitive patient data, it needs stamping out - immediately.

 

"But the bigger question this raises is - is it really best for organisations to ‘mark their own homework’ on cybersecurity? The NHS says there is ‘no breach,’ yet how can anyone be sure if it is just an internal review?

 

"Let’s be honest: NHS bosses will have to keep outsourcing for rapid improvements, so more incidents like this are bound to happen. We need a system the public can truly trust. Perhaps the NHS outsourced providers - and similar sectors like education - should be contractually forced to let third parties test their systems before using live public sector data, and an independent body should investigate.

 

"Ultimately, when sensitive health data goes wrong, it can be catastrophic for people’s lives. That is why rigorous testing, regular audits, and bulletproof incident-response plans must be non-negotiable.

 

"That back-end approach, under proper scrutiny, could be the ‘apple a day’ that keeps frontline doctors and nurses away from getting dragged into cybersecurity chaos - the kind that can force hospitals back to pen and paper.”

 

Please get in touch for any further commentary or to speak with Graeme.

 

Best,

 

LARA JOSEPH SENIOR ACCOUNT DIRECTOR

Eskenzi PR
