Cyber security must be ‘high on everyone’s agenda’

He was commenting after an event in London where Indi Singh, NHS England’s head of cyber security, said the health service needed clinicians to champion cyber security.

‘We have to understand cyber security as a cultural movement across every single layer of the NHS,’ Mr Singh told the Westminster Health Forum’s conference on patient records and data in the NHS.

‘Nearly every week, we get an indication in the wider press that hacks and threats have happened and that they are becoming increasingly sophisticated.

‘With the sensitivity around health and care information, we need to understand the importance and relevance of protecting information. Particularly in the context of enabling integrated care, we have to ensure that all parts of the chain are robust.’

Mr Tolan agreed, saying: ‘We have examples where cyber security breaches have caused chaos and had a direct impact on patients. Cyber security needs to be high on everyone’s agenda so we can support the protection of patient data and ensure continuity of care.’

Ransomware

In a stark warning to the conference, Phil Booth of medConfidential, which campaigns for confidentiality of medical records, said the NHS remains woefully unprepared for a cyber attack.

‘WannaCry was characterised as an NHS cyber attack, but it was nothing of the sort,’ he said.

‘It was simply a piece of ransomware, and the NHS was in such a parlous state, that it looked like an attack specifically on the health service.’

medConfidential was aware of state-based Chinese hackers getting 50 million records from the US, he told the event.

They didn’t do this to sell them, Mr Booth explained, but because China has a growing obesity problem and wanted immediate access to data – rather than waiting for its own researchers to find and publish data.

‘Let’s be clear, the actors in play here are going to want NHS data,’ he said.