1. Forum
  2. tqw
  3. TQW GENTECH

  • Before moving from "analogue to digital," the NHS has to fix its

    From TechnologyDaily@1337:1/100 to All on Thursday, October 24, 2024 16:30:05
    Before moving from "analogue to digital," the NHS has to fix its privacy flaws

    Date:
    Thu, 24 Oct 2024 15:24:09 +0000

    Description:
    "Patient passports" promise to fix UK's flawed health system. Yet, they could eventually lead to a security and privacy nightmare for our most sensitive data.

    FULL STORY ======================================================================

    Create a centralized database to make patient health records easily
    accessible by all NHS services, like hospitals, GP surgeries, and ambulances. These so-called "patient passports" are the main innovation of the government plan unveiled on Monday , October 21, to transform the NHS from "analog to digital" over the next decade.

    Wes Steering, the health secretary, promises these changes will modernize the country's healthcare institutions to considerably speed up patient care and reduce human errors. A new law, the Data (Use and Access) Bill , is also expected to support this transition and create a standard system where
    sharing these digital records is the new norm.

    At first glance, fixing the issues currently crippling the NHS by embracing the power of digital tools looks like a much-needed step. Some European countries have been using a similar system for years Estonia began digitalizing all patient records in 2008, for example. Yet, privacy experts (myself included) can see how easy it might be for this ambitious plan to
    turn into yet another privacy nightmare at the cost of our most sensitive information. NHS has a bad track record in protecting our data

    Let's start with the obvious so far, the NHS has been really bad at protecting patients' health data against hackers.

    The health data of UK citizens has been leaked on several occasions this
    year, landing on the dark web . On March 15, for example, a ransomware gang hacked Into NHS Dumfries and Galloway 's digital database and stole identifying information belonging to both staff and patients, including
    mental health data of children.

    Pathology service provider Synnovis also suffered a major attack in June, resulting in hundreds of gigabytes of sensitive patient data leaking online.
    A National Cyber Security Centre (NCSC) executive, Professor Ciaran Martin, warned at the time against the risk of further attacks caused by the NHS IT systems being "out of date ."

    I don't trust that the NHS will take good care of my data anytime soon

    More recently, in August, the UK Information Commissioner's Office (ICO)
    filed a provisional fine of 6 million following the 2022 medical records hack that saw the personal information of almost 83k people compromised.

    2023 was also a bad year for people's health data security. Over a million
    NHS patients have had their sensitive information leaked following a ransomware attack on the University of Manchester affecting 250 GB, or over
    a decades worth, of patient data. Worse still, the security vulnerabilities
    of the NHS go back as far as 2012 when the personal information of over 1.8 million patients and staff was exposed.

    This trend is only likely to increase considering that cyberattacks are more frequent and destructive than ever thanks to the spread of AI and machine learning software. According to experts, healthcare is among the fields hit the most .

    All this is even more worrying considering that, at the time of writing, the government's ambitious plan is at a mere consultation stage AKA, "we still have to figure out how to make these patient passports hacking-proof."

    Well, I don't know about you but, as the situation stands now, I don't trust that the NHS will take good care of my data anytime soon. No clear plan to escape the "Big Brother" effect

    Besides data security, there's also another pressing question: how does the government plan to prevent privacy abuse? The plan is, Steering says, "to ensure patients data is protected and anonymized." That's great on paper, at least. Again, authorities don't have a clue how to do that in practice and who knows if they ever will.

    As health privacy advocates group medConfidential pointed out, these patient records will be accessible by any of the NHSs 1.5 million staff. "Wes Streeting is planning a big brother database," said Sam Smith, a spokesperson for the group, according to the Guardian . "A gift to stalkers and creeps who misuse NHS systems to find out the most basic private details that people
    only tell their doctors."

    Such a centralized database also increases the risk of private medical data being sold to big pharma and other companies without patients knowing about it. After all, something similar already happened with today's messy and scattered health record system. Last year, an Observer investigation shed light on how a covert tracking tool placed on the websites of 20 NHS trusts has for years collected browsing information and shared it with Facebook.

    I also agree with privacy expert Jamie Akhtar, co-founder and CEO at CyberSmart, when he says that medical records will pass from being managed by healthcare professionals to "the control of politicians, who might decide to sell this sensitive information to the highest bidder," as Yahoo News
    reported . NHS APP: now and tomorrow (Image credit: Photo by Jaap Arriens/NurPhoto via Getty Images ) While an NHS App already exists, this comes with limitations as patients are still held locally (on their GP and visited hospitals system). The new app will de-facto reunite all the information about a patient across all parts of the health service in one place.

    As we have seen, there's still a lot that we don't know about the current UK government's plan of action to execute its ambitious goal of making the NHS great again. What we do know, though, is that Britons aren't hopeful about
    the idea.

    A public consultation published in May depicts a grim picture of public trust in the UK's healthcare institutions, with respondents completely lacking confidence in the NHS cybersecurity system. Four out of five patients believe that NHS systems are vulnerable to cyberattacks. Moreover, almost half (49%) strongly believe that the NHS could make mistakes in the handling of their data.

    Wes Steering is now urging both NHS staff and patients to take part in the "national conversation. You have time until the start of next year to voice your concerns and share ideas at change.nhs.uk .

    Yes, we all know that the NHS needs to be better, but to do so it's crucial
    to have a solid plan of action to protect people's data privacy and security. Noble ideas alone won't save our most sensitive information from being leaked and abused.



    ======================================================================
    Link to news story: https://www.techradar.com/computing/cyber-security/before-moving-from-analogue -to-digital-the-nhs-has-to-fix-its-privacy-flaws


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)