Conference Paper/Proceeding/Abstract

Cybersecurity problems in a typical hospital (and probably in all of them)

Harold Thimbleby

Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium, Pages: 415 - 439

Swansea University Author: Harold Thimbleby


Published in: Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium
ISSN: 9781540796288
Published: Developments in System Safety Engineering [SCSC-135] 2017

URI: https://cronfa.swan.ac.uk/Record/cronfa32502
Abstract: A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance.
Keywords: Cybersecurity, healthcare IT
Start Page: 415
End Page: 439