IEEE comments on cybersecurity risk

As the Health Secretary Sajid Javid unveils the  government’s new digital strategy, which will ensure all researchers and healthcare providers can access patient data ‘safely and efficiently’, as it looks to ‘close the digital divide’ between the NHS and social care, with the minister pledging to ‘improve the public’s trust in data’ making it far easier for people to opt out if they wish.

We asked Kevin Curran, IEEE (www.ieee.org) senior member and professor of cybersecurity at the University of Ulster whether there should be greater visibility and accountability with regards to the use of our healthcare data.

“Whilst this is a step in the right direction, moving health records online will naturally raise some concerns.  Any systems which provide externally facing data must be robust in their authentication mechanisms and have protections in place to limit the security risks of web-based applications.  Whilst increased digital transformation does seem like a natural progression, there is a difference between having computerised records within our healthcare IT infrastructure and having those records reside on a public facing server.  Having records inhouse limits the range and type of access – its far more difficult for remote hackers.”

“There are techniques that healthcare organizations can use to reduce the risk of future data breaches.  One way is to make it ‘opt in’, so patients have the choice to decide whether their medical information is moved to a public facing service so that they can access it.  However, those who do not opt in or download the app instead should have their records hosted in a non-public-facing cloud service.  This way, if a data breach does occur, those who never used the app, or not wanted to, will not have had their details released.”

“Developing a secure and robust web application is incredibly hard.  Of course, the teams involved in this initiative will be aiming to deliver a secure and reliable service, of that there can be no question.  However, the cyber security strategy will need to be extensive – with increased digitization comes increased risk.”