Loading... Please wait...

Is primary care failing patients in the digital world?

Posted by

You may have read recently about cybersecurity in the NHS. An investigation by Sky News found that a number of NHS trusts have spent nothing on protecting their online data. We're all quick to want to bring banks, online retailers and mobile phone companies to task when the latest hacking debacle is announced.

I'm surprised that the news of out-of-date systems, out-of-date software, and inadequate cybersecurity policies and procedures have not been equally vilified. After all, what's the worst that can happen if your bank gets hacked? In the primary care online environment, it's not just your customers' cash that can get stolen; their lives could be at risk.

In this first part of two, I'll look at some of the background of primary care cybersecurity. In the second part, I'll discuss what your GP practice can do to improve its cybersecurity capabilities and keep your patients safer.

The warning signs have been there for a long while

I've looked into a little of the recent history of the cybersecurity issue in the UK primary healthcare, and found that it has been identified as a major issue in the NHS months and even years ago. However, those warnings seem not to have been heeded.

Digital Health News (DHS) launched a cybersecurity hub in May this year. It noted that the NHS has spent at least three decades investing in automating processes and supporting online records to improve clinical care. More than half of all NHS trusts keep their records electronically. It noted examples such as NHS Orkney and Royal Berkshire NHS Foundation Trust – both affected by computer viruses. In the United States, there has been a spate of cyber-attacks, with records stolen, systems attacked, and processes halted. In the face of all this evidence, DHS urged the NHS to "wake up to cybersecurity".

In September, the National Health Executive announced new cybersecurity measures. The CareCERT team was set up a year earlier, and 12 months on it has started three new services (though all in the testing stage):

  • CareCERT Knowledge, an e-learning portal for health and care staff
  • CareCERT Assure, to help organisations assess their cybersecurity measures
  • CareCERT React, providing advice on reducing the impact of a security incident

When announcing the new services, Andy Williams, CEO of NHS Digital said, "Good digital security is key to all roles in health and care."

At the end of October this year, a government minister, Ben Gummer, said that "large quantities of sensitive data" held by the NHS are being targeted by hackers.

He made this announcement a day after Northern Lincolnshire and Goole NHS Foundation Trust was forced to shut down its IT systems after a major virus attack. Women in labour (with high risk pregnancies) were transferred to nearby hospitals. People who had suffered major trauma were redirected to other hospitals miles away.

In short, a failure of cybersecurity put lives at risk.

Does primary care take cybersecurity seriously?

The Sky News investigation found several other examples of poor cybersecurity directly leading to potential loss of life. It also found that the average spend by an NHS Trust on cybersecurity is £23,040 per year. When you consider that the government estimated that online crime cost the UK £27 billion in 2015, the £23,000 budgeted for digital security seems wholly inadequate.

Let's not forget that a computer hack could shut your whole system down. What cost would you put on the lives of your patients in those circumstances?

Cybersecurity is an issue that cuts long and deep in primary care. Many cybersecurity measures cost money – in some cases, a lot of money. However, there is plenty that you can do in your GP practice at a very low (even zero) cost and that will transform your cybersecurity for the benefit of your staff and your patients.

In a future blog I'll look at a simple 8-step cybersecurity strategy that every GP practice can put in place today.

eSupplies Medical is a trading name of Williams Medical Supplies Ltd, a DCC business