The NHS is still exposing itself to dangerous cyber-attacks that leave it vulnerable and in “urgent” need of protection, according to a white paper written by experts at Imperial College.
The paper, which was presented to the House of Lords earlier this week, hinted that not only was there a lack of investment in this area, but that outdated systems and deficit of skills and awareness in cybersecurity are leaving the Hospital Trust open to software bugs.
Plans to improve
Although those behind the report acknowledge and commend the current security system, they say that more needs to be done to protect the NHS, including higher levels of investment.
In the hopes of preventing cyber-attacks, the Department of Health and Social Care announced a 3-year plan to invest £150 million last October. Whilst a recent NHSX plan has also been announced in the hopes of a digital transformation for the organisation.
An attack on the NHS’ computer systems can have a detrimental effect on human life if staff are unable to access patient information, details, and results. Confidential data is also at risk of being stolen if systems are infiltrated and lifesaving medical equipment can crash if the software behind it is altered.
Another part of their suggestion to improve this area also involves training up staff more, hiring cybersecurity professionals into their teams and adding ‘fire-breaks’ into their IT systems. Adding ‘fire-breaks’ will mean that if a system does become under attack, this can be turned into an isolated section, so the infection does not spread.
The NHS and tech
As the NHS is already using a lot of AI and ML within the organisation, the report also suggests that security needs to be implemented into these devices too. They also suggested that as the health service uses more cloud computing and advanced technology in general, they need to be vigilant on the security they use.
Co-Director of the Institute of Global Health Innovation (IGHI), Lord Darzi, said: “We are in the midst of a technological revolution that is transforming the way we deliver and receive care. But as we become increasingly reliant on technology in healthcare, we must address the emerging challenges that arise in parallel. For the safety of patients, it is critical to ensure that the data, devices, and systems that uphold our NHS and therefore our nation’s health are secure.”
He continued to talk about the importance of continuing research by saying, “This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyber-attacks.”
In 2017, the NHS came under a cyber-attack dubbed ‘WannaCry’ that impacted upon 34 NHS hospitals because of a ransomware attack.
During this time, staff were unable to access patient data, 20,000 appointments had to be canceled and overall, the attack cost the NHS an estimated £92 million. The report comments that this was just one of many increasing attacks on the National Health Service.
Lead author of the report from the IGHI, Dr Saira Ghafur, commented: “Since the WannaCry attack in 2017, awareness of cyber-attack risk has significantly increased. However we still need further initiatives and awareness, and improved cybersecurity ‘hygiene’ to counteract the clear and present danger these incidents represent.
“The effects of these attacks can be far-reaching – from doctors being unable to access patients test results or scans, as we saw in WannaCry, to hackers gaining access to personal information, or even tampering with a person’s medical record.”