The adoption of new technologies by NHS hospitals, such as robotics, artificial intelligence, implantable medical devices and personalised medicines based on a person’s genes, has given rise to new challenges in the cyber space and there is a need for greater investment to secure these technologies from cyber attacks, a new white paper has warned.
A new White Paper on NHS Security presented at the House of Lords by Imperial College London’s Institute of Global Health Innovation has warned that even as the NHS adopts new technologies, it continues to suffer from a lack of investment, outdated computer systems, and a lack of skilled personnel which is placing NHS hospitals at risk.
Terming the WannaCry attack, that cost the Department of Health and Social Care around £92m to mitigate and address, as “relatively crude and unsophisticated”, Professor Lord Ara Darzi at the Institute of Global Health Innovation said that the number and sophistication of cyber attacks on the NHS is rising and therefore, NHS trusts should take steps to secure their systems from emerging threats.
“We are in the midst of a technological revolution that is transforming the way we deliver and receive care. But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel.
“For the safety of patients, it is critical to ensure that the data, devices and systems that uphold our NHS and therefore our nation’s health are secure,” he said.
Need for improved cyber hygiene to address security issues at NHS
According to Dr Saira Ghafur, lead author of the White Paper, even though awareness about cyber attacks has increased since the WannaCry attacks took place, there is a need for “improved cyber security ‘hygiene’ to counteract the clear and present danger these incidents represent”.
“The effects of these attacks can be far-reaching – from doctors being unable to access patients test results or scans, as we saw in WannaCry, to hackers gaining access to personal information, or even tampering with a person’s medical record,” she warned.
The authors also lauded the creation of a new unit called NHSX by NHS, stating that “it is hoped that this organisation will help streamline cyber security accountabilities” but also warned that addressing the issue of cyber security will not be possible without a shift in culture, awareness and infrastructure.
“Security needs to be factored into the design of digital tools and not be an afterthought. NHS trusts are already under financial pressure, so we need to ensure they have the funds available to ensure robust protection against potential threats,” Dr Ghafur added.
NHSX was set up earlier this year to oversee the use and storage of data by NHS organisations and to create policies and best practices for NHS technology, digital and data. Matthew Gould, who was Director General for Digital and Media Policy in the Department for Digital, Culture, Media and Sport since 2015, was appointed as the first CEO of NHSX.
“In Matthew Gould, NHSX has appointed a Chief Executive with a depth of experience at the intersection of technology and the public sector. We have worked closely with Matthew to help nurture a digital ecosystem where great ideas can become successful, scalable companies and there is a huge opportunity to do just that in the health sector,” said Julian David, CEO of techUK.
“There is broad consensus that NHS technology simply isn’t good enough. Patients have to repeat the same information; clinicians spend hours logging on to outdated systems; and managers can’t access the data they need to make big decisions. We look forward to working with him to propel the UK into a destination of choice for health tech innovation,” he added.
ALSO READ: Digital transformation at European organisations outpacing cyber security