Almost half of all NHS Trusts carry out security vulnerability testing on their web and mobile just once a year, potentially posing a major security risk to customer data.
A Freedom of Information request by Veracode, which provides such services, found that 45 per cent of respondents scan their software just once a year. Conversely eight per cent do so on a daily basis.
The responses also found that 50 per cent of NHS Trusts only scan web perimeter apps once a year as well, potentially putting data at risk from cyber attacks carried out via old and outdated websites and third-party plugins.
However, it is worth noting only 27 of the 36 NHS Trusts contacted responded to the FoI requests, so the data could change if more responses come in.
Nevertheless the fact so many Trusts admitted to only carrying out scans once a year is notable, and worrying as it means they could be running insecure applications for almost a year before discovering any issues.
Paul Farrington, a manager at Veracode, expanded on this, noting that it seems many NHS Trusts do not realise the importance of app scanning.
"Our new research certainly raises fresh concerns regarding the safety of patient information here in the UK, as well as across the globe," he said.
"There appears to be a lack of emphasis on application and web app scanning within the NHS, which could put trusts at an increased risk of losing patient data to hackers."
He noted that with the ICO able to issue fines of up to £500,000, and potentially even higher under the GDPR, NHS Trusts need to consider this issue more thoroughly.
"With hospitals correctly demanding rigorous sterilisation of surgical instruments and cleanliness from staff to fight the risk of infections spreading, the same should be considered when assessing their digital cleanliness to defend against the growing - and changing - threat of cyberattackers."
38-year-old Alexander Vinnik faces up to 55 years in jail
Threadripper also available from today if you want a lot more power - but you'll have to wait for the motherboards to appear
Personal data belonging to hundreds of thousands of customers was stolen
Whitman to remain as CEO of HPE, while rumours swirl that she'll be taking over at troubled Uber