Cyber Security in Medical Devices – How Ensuring Patient Safety Remains a Priority

As the quality and efficiency of digital technology increase, so do the cloud and the accompanying ocean of data fed into the digital ether. Systems data, consumer data and, most importantly, patient data are being generated to an unprecedented degree, and entire profiles of highly private information are being stored in medical data centres worldwide.

Online, websites and social platforms harvest information on consumer choices, preferences, and desired activities, which is repurposed and passed to advertising agencies to create targeted ads that are sent back to you.

On the surface, the apparent lack of anonymity may be unnerving, but it comes nowhere close to the pervasiveness of medical software that collects the most private forms of information about one’s biology and health records.

Your health data consists of various items, ranging from general demographic information to private health history records. Additionally, items related to financial property, such as credit card and bank account numbers, as well as information related to personal identity, are present within these data stores.

Generally, it would be undesirable for this private information to be open to the public, let alone in the hands of actors who aim to use this personal information for malicious purposes.

Considering this, there is a pressing demand to instil effective cybersecurity frameworks within medical devices and settings. Healthcare organisations such as the NHS are particularly vulnerable to targeted cyberattacks, especially as they enter the digital space and discover the challenges that arise from it.

We keep hearing the notion of interoperability, which aims to ensure rapid and efficient communication between national healthcare systems. However, why would interoperability be desired when the underlying cybersecurity of these systems is non-existent?

Before continuing, let’s put this matter into context and describe the various scenarios in which weak cybersecurity in medical devices can engender significant damage to patients and healthcare facilities.

For one, there is an extremely high demand for stolen healthcare records on forums within the dark web. This demand has prompted cyber thieves and nation-state actors (e.g., intelligence services) to target data, including patients’ protected health information, credit card and bank account numbers, epidemiological data and intellectual property surrounding medical research and development (reference).

On August 4th, 2017, a ransomware attack hit NHS digital assets all around the UK, causing widespread outages across NHS facilities. The attack specifically targeted Advanced, a company that provided software support to various aspects of the NHS’s health services. Services such as patient referrals, mental health services, and even ambulance dispatches were significantly impacted. Additionally, significant amounts of private patient data were thought to have been stolen during the “blackout”.

Now that context has been established, do you begin to see the imperative for our medical devices and systems to implement robust cybersecurity protection frameworks? Parallel to this, the following questions arise: how do we ensure this? And how do we ensure that the same initiatives are implemented nationwide?

A shift in perspective must be made to ensure that a practical cybersecurity framework is set in place. Cybersecurity frameworks should not be viewed as an IT issue but rather as a fundamental need to protect patient safety. This shift in perspective implies governmental oversight and the need for a unifying standard to be procured for all medical settings to follow.

These sentiments are all echoed within the Cybersecurity report undertaken by Imperial College London (2019), which detailed the need for adequate infrastructure to be developed for the interconnected networks that are beginning to form between healthcare systems in the UK.

Moreover, significant emphasis must be placed on risk awareness, which must be embedded across NHS services so that they can respond efficiently to inevitable cyberattacks.

Here are the main issues which need to be addressed by the NHS before we can achieve these outcomes:

  1. The lack of priority given to cybersecurity in funding initiatives.
  2. The lack of staff training to respond to cybersecurity threats.
  3. Outdated and archaic IT infrastructures and medical devices that increase cybersecurity vulnerabilities.
  4. Inefficient incident response protocols.
  5. Complex structures that hinder the ability to enact rapid defensive protocols in the face of cyber-attacks.

These are the main issues the UK must address before it can achieve a reliable cybersecurity framework within its national health care system. Ultimately, cybersecurity is the underlying framework that must be in place before we can commence any long-term technological initiative with assurances of patient safety. At the end of the day, all progress is made with the patient’s safety in mind, and it is this notion that healthcare providers must remember when contributing to our healthcare systems.

The term cybersecurity itself can sound like a daunting challenge simply to understand, especially for those in less technical areas of expertise. Yet it is no less important a topic to consider as we seek to deliver digital transformation and implement new and innovative digital technologies within healthcare settings. The team here at HIC is here to help you discover your cybersecurity requirements and technological solutions to ensure you are fully equipped to implement new and exciting tech in the health and care industry.

If you’re looking for knowledge and advice about cybersecurity, act today and get in touch with our experts at HIC.