Protection

Hospitals need a holistic approach to cyber security

A number of organisations within healthcare remain at risk of leaving systems vulnerable by failing to ensure there is a broad range of protection in place to safeguard data from hackers or cyber attack.

Report: Mark Nicholls

IT expert Dr John Lockley, Clinical Lead for Informatics with the Bedfordshire Clinical Commissioning Group (CCG) in the UK, also believes healthcare providers need to factor in more elements alongside IT considerations.

In a presentation at the EHI Live event in Birmingham, entitled ‘A holistic view of healthcare cyber security’, he suggested it was wrong to think of IT in isolation: ‘We have to consider what IT interacts with – programmes interacting with patients, the paperwork, protocols, processes and pounds, as well. We need also to remember that people are involved and how they and their psychology work.’

This is not just about individuals falling for phishing emails and clicking on unauthorised websites, or hospitals installing advanced virus blockers and other firewall safeguards, but also about ensuring staff are adequately trained in how to respond to such threats. Additionally, personnel need the time, a robust infrastructure, and the correct hardware and software to carry out their roles correctly and safely.

Dr Lockley said that the National Health Service (NHS) often invests heavily in certain parts of the system but fails to guard against ‘back door’ attacks on the more vulnerable aspects of their IT.

He also warned that systems running unsupported software, such as Windows XP, were particularly vulnerable to attack and added: ‘My advice is for hospitals to spread resources carefully and thoughtfully in terms of cyber security and educate and train staff. That means having money available to buy in people to do the teaching and then giving staff the time to receive the training.’

Equally, hospitals should not go to the opposite extreme of having so many technical and procedural checks inserted into their systems that they prevent people from working efficiently. With NHS organisations now working more closely with local authorities, as health and social care come together, the health service needs to ensure it is not left vulnerable when linking with outside bodies that have older, or more vulnerable, IT systems and equipment.

Health remains a prime target for hackers and the consequences of not adequately protecting data can be devastating, with patient and clinical information potentially lost, encrypted or even altered by hackers. ‘The first priority is, take regular backups; the second priority is to ensure that you’ve put in all the latest software patches; and the third element is to train the staff to think carefully about what they are doing and not automatically click on links or open documents just because they are there,’ Dr Lockley advised. ‘Cyber security also needs board level priority and it’s important to have the IT team available 24 hours a day to respond.’

Hospitals and healthcare providers should also be aware that it is not always straightforward to upgrade to the latest versions of software, because that may affect, or not be directly compatible with, other parts of the system. ‘Overall,’ he added, ‘when it comes to cyber security, hospitals should think holistically and not just about the software, or the hardware, but also remember to give ordinary front-line staff enough training in cybercrime awareness - and then give them enough time to put these defensive procedures into action.’


Profile:
Dr John Lockley is the Clinical Lead for Informatics for Bedfordshire CCG (Clinical Commissioning Group), chair of SystmOne National User Group and a member of the eReferral Service Programme Board and Electronic Referral Advisory Board. He is also Deputy Chair of the Board of Bedfordshire and Hertfordshire LMCs Ltd and Chair of Beds and Herts LMC IM&T advisory group.

20.02.2017
