Healthcare Sector under Increasing Threat from Data Security Breaches

Healthcare Sector under Increasing Threat from Data Security Breaches

We live in an age where data is increasingly stored online. This is a bonus for many reasons. It makes it easier to retrieve lost data if things go wrong, but it also leaves us vulnerable to hackers and cyber criminals. A data retrieval company can restore client data if a server crashes, but unless there are sufficient security protocols in place, confidential data is a ticking time bomb waiting to happen.

Data Breaches an Epidemic

Data breaches are reaching epidemic proportions. Just as the dust settles on one major data breach, media outlets are reporting on another. In the UK, thousands of National Health Service staff have been left reeling after news broke of a major security attack that released personal information into the public domain. The data breach took place last year, but the data company in charge of IT security only notified the health board at the beginning of January.

Whilst that breach is serious enough, it pales into significance with news that the UK Information Commissioner is investigating concerns that 26 million patients are at risk of sensitive information being shared with unauthorized individuals. The scrutiny comes after it was revealed that one of the most popular data systems used by GPs allowed for enhanced data sharing, which meant anyone could search for sensitive information in a patient’s medical record, even if they had no reason to look.

Enhanced Data Sharing a Risk

The enhanced data sharing capability is used to allow hospitals to access a patient’s medical records. Open access to medical records is essential if a patient attends an outpatient clinic or is admitted to hospital in an emergency. Without access to information contained within the medical records, doctors would struggle to provide bespoke care and make the correct treatment decisions. However, the problem with allowing enhanced sharing is that anyone within the system can look up a patient’s confidential medical records.

Privacy campaign group, med Confidential has described this as a “truly devastating breach”. The head of the British Medical Association’s IT committee has warned GPs using the SystmOne online system that they face a flood of complaints from upset patients and they need to take “urgent action”.

The SystmOne platform is installed across 2,000 different institutions, including prisons and clinics. Information stored on SystmOne is accessible to anyone using the system, irrespective of his or her location.

Data Protection for Patients

Privacy Protection Law states that all patients must be informed if their data is being shared and other people have access to it. Unfortunately, in the case of the SystmOne security breach, patients have not been informed. If this information is accessed for malicious reasons or sensitive data is leaked into the criminal domain, the consequences are potentially disastrous.

The Information Commissioner is now in talks with the owners of SystmOne (TPP) and NHS Digital to find a way to resolve the issue. In the meantime, all doctors have been advised to turn off the enhanced data sharing capability of the system to prevent unauthorized access of sensitive patient records.

Leave a Reply

Your email address will not be published. Required fields are marked *