Caroline Black writes about the recent data breach in the NHS, globalisation and what the health service needs to do to prevent larger cyberattacks.
The rapid rise of digital technologies means we live in an interesting and transitional time for the world of medicine. For example, we are increasingly relying upon computers to store records and to aid medical professionals. Is it clear these efforts are saving resources and that the NHS wouldn’t be able to function properly without such computer systems, but are there risks that must be considered as well?
The recent NHS security breach reminds us of these questions and their relevancy. To summarise the events, data sharing was activated in such a manner that hundreds of thousands of health workers could access private health records, even if there were no medical reason for doing so. Before the problems were rectified, millions of identities could have been stolen, and these records could still be released to the public.
Now, what if it were to happen again on a larger scale? Privacy would be wiped out for many people, and without a quick response, medical fraud would run rampant, breaking down trust between patients and doctors and affecting care. On a larger scale, enemies abroad may find uses for this information. It is clear something should be done, but what?
The Effects of Globalisation
As the medical field becomes more specialised and there are more professionals seeing a single patient, there are more people reviewing and holding patient health records. This equates to more potential vectors for a cybercriminal to attack. The NHS needs to make awareness of this fact a top cybersecurity priority and improve security measures dealing with the transfer of files. Specifically, questions about the relevance of these files and who has access to them need to be answered.
Additionally, more people are moving frequently and travelling around the world, which means health care records often pass through multiple countries. Not all countries have the same standards for privacy and security, and a cybercriminal will naturally target the weakest link to get the best return on their investment.
Service providers will need to grow more careful, and clear international guidelines will need to be enacted if we are to avoid a massive data breach. Digital transformation is going to happen (in many ways it already has), and it will raise health care standards worldwide, but globalisation will also leave us more vulnerable and dependent on those networks. Not only will there need to be strict security standards, but there will need to be a process to automatically update them.
Patient Protection and Prevention
While authorities and cybersecurity professionals are still addressing the roots of the current problems and issues facing the system, patients can take efforts to protect themselves. The NHS should take measures to educate the public in conjunction with media outlets and cybersecurity professions. Some of the things patients should do include:
- Educating themselves on the specifics of how the NHS handles their health information. They should know their legal rights and responsibilities so that they can make informed decisions. At the very least, they’ll be able to react more decisively and effectively in the event of a large-scale breach. It is the responsibility of the NHS to make this information as available and accessible as possible.
- Questioning and pressuring health care service providers should they feel concerned. When practices feel economic pressure related to how they handle information, they’ll make proper procedure and cybersecurity protocols a priority. The NHS attack might scare them, but it also might not be enough.
- Improving their personal security, especially as more are able to access personal health records online. Cybercriminals will attempt to steal records from WiFi networks and personal accounts, so software such as Virtual Private Networks and security suites are necessary for the modern consumer.
Additionally, further standardisation and strict enforcement (even measures built into the system itself) will be necessary. As the risks grow, so must the precautionary measures. Cybercriminals only need to win once to succeed, meaning public defenses must be 100 percent effective. If not, we might find ourselves dealing with a far worse breach than the NHS hack.
Do the recent attacks on the NHS make you worry about your health records? Were you affected by these attacks? Do you have any thoughts on what could be done to prevent future issues? Please leave a comment below and tell us your thoughts.