Chris Netherton, M.D.

Protecting our vital healthcare IT systems

It is very welcome news that the NHS is planning to create a new cyber security unit to improve its defence against hackers.

In the last month it was announced that NHS Digital will be investing £20 million in a new unit called the Security Operations Centre (SOC). As part of this new initiative, NHS Digital intends to use the services of “ethical hackers” to carry out penetration testing of its systems and probe for any weaknesses before they can be exploited by hackers. The SOC will aim to improve the protection of NHS systems across the country and to counter the latest online threats.

In May of this year the NHS was hit hard by the WannaCry ransomware attack, which affected at least 81 of the 236 NHS trusts in England, freezing computer systems and key communications. This led to major disruption for the NHS and many cancelled appointments and procedures.

The National Audit Office report on the WannaCry attack highlighted that the NHS had failed to keep its systems up to date and had not carried out rehearsals on how to deal with such an attack. So it is good to see this strong response from the NHS, one that has been well received by cyber security experts.

The NHS intends that the SOC will run a near-real-time monitoring and alerting service that will cover the whole health and care system and improve the ability of the NHS to anticipate future vulnerabilities, while also dealing with current known threats. Their team will proactively monitor the web for security threats and emerging vulnerabilities.

It is a sad reality of life that our health systems can be a target for cybercrime, but it is vital that we give them maximum protection. Not only are they crucial for the smooth running of current health operations, they are also one of the keys to improving the quality and effectiveness of patient care in the future. As well as operational and communications systems, it is also imperative that we protect patient data from attack. (One can’t help but wonder what truly amazing things these skilled criminals could achieve if only they could channel their efforts into something positive, good and worthwhile!)

At Microtest, when we were developing our Guru patient record sharing system, the most significant hurdle was ensuring that the system was fully compliant with wide-ranging Information Governance and patient confidentiality requirements and respected the sensitive way patients want their records treated, whilst also demonstrating its security by satisfying independent penetration tests.

Other projects relied heavily on streaming vast amounts of copied data from each of their practices to a datacentre, which also required a significant amount of storage and bandwidth. Datacentres, storage and bandwidth are all very expensive commodities, so it was decided to innovate by minimising use of these resources without compromising the product. Microtest’s technical staff, practices and consultants arrived at a solution. They created a Guru Integration Engine to field just the data required to display a patient record and only when that patient record was requested. No copies of data are stored anywhere other than where a practice keeps its data, improving security and also saving considerable datacentre, storage and bandwidth resource.

Crucially, the Guru patient record was designed to be fully virtual, making copying of the data impossible and ensuring that after a record is viewed, no traces of the data are left behind on any equipment.

If we are to fully exploit the huge benefits offered to us by healthcare IT systems, then we must continue to devote the maximum energy and innovation into designing the methodologies and cyber security protocols that will protect them.