A topic that is hitting headlines more frequently within the healthcare sector is cyber security. Why? The NHS is on a drive to save money, and improve patient safety and quality of care – and it sees digital tools as key to achieving this.
While technologies such as electronic patient records and clinical portals are important to enhancing patient safety, you can argue that digitalisation of health could also put patient safety and security at risk if the necessary steps around cyber security are not taken.
Worryingly half of all NHS trusts are reported to have suffered a ransomware attack during the past year. Ransomware, for those who are not aware, occurs when cyber criminals infect computer systems with malware designed to lock up critical data by encrypting it and demand ransom in return for the encryption keys.
This means that hospitals’ digital systems are particularly at risk and so is patient data. This could inadvertently affect patient care if clinicians are not able to access vital medical information at the point of care delivery.
In a Computer Weekly article Ollie Whitehouse, technical director at NCC Group, makes an interesting point about the financial cost of cyber attacks: “Paying the ransom – which isn’t something we would advise – can cost significant sums of money, yet losing patient data would be a nightmare scenario for an NHS trust.” At a time when the NHS is cash-strapped, paying a ransom seems a very inefficient way of spending tax payers’ money.
There have been high profile cases of ransomware in the US – Hollywood Presbyterian Medical Center famously ended up paying online extortionists a hefty sum for a decryption key after being hit with a ransomware infection which forced key systems offline, affecting patient care for days.
It’s reassuring to know that despite nearly half of all NHS trusts having been cyber attacked that there hasn’t been a major case whereby a hospital has seen its systems collapsed. But as technology becomes more sophisticated, so will cyber attacks.
This is a national issue. Dame Fiona Caldicott has emphasised the need to tighten up on data security to the heath secretary, recommending in part that a ‘strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials’.
How can the NHS continue to protect its systems and data from increasing cyber treats? One way is to discuss and debate with industry colleagues, share examples of best practice, and listen to the experts in the field who can advise and guide on how to best approach such sensitive matters.
That is why I’m looking forward to the opportunity to learn more about this aspect of digital healthcare at the Cyber Security in Healthcare show on the 28th September, in London. With keynote speakers such as Rob Shaw of NHS Digital, and Andrew Rose of Information Commissioner’s Office addressing audiences at the event I’m sure there will be a lot of insights to take in. It’s a subject that needs more attention as we continue they journey into a digitised NHS, especially when patient data and patient care is at risk.
As a patient myself I feel there is some cause for concern. I would like to be reassured that my private health data is secure and safe in the hands of our UK healthcare system. More than that, I want to know that the care of patients is also not at risk. If any system in a hospital was to shut down because of a cyberattack, when critical patients are in need of care, what will they do? It’s important for the NHS and all government organisations to take cyber security seriously. Judging by the topics and sessions at the Cyber Security in Healthcare show – they certainly are.