It's likely that given the sensitive nature of the information it handles, the large number of employees and the profile of the organization, any indiscretions are reported widely. Moreover, the NHS has a legal obligation to disclose every breach to various regulators, In fact, many other organizations, public and private, often experience issues as a result of insecure legacy infrastructure along with a lack of security awareness and technical expertise at all levels. This often leads to poor security practices which in turn leave organizations, open to attacks. All organizations need to focus on four different areas: predication, prevention, detection and response. Security awareness training, both for technical and non-technical people, will also help to reduce staff mistakes.