No Cover Image

Conference contribution 159 views 48 downloads

Cybersecurity problems in a typical hospital (and probably in all of them) / Harold Thimbleby

Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium, Pages: 415 - 439

Swansea University Author: Thimbleby, Harold

Abstract

A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highl...

Full description

Published in: Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium
ISSN: 9781540796288
Published: Developments in System Safety Engineering [SCSC-135] 2017
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa32502
Tags: Add Tag
No Tags, Be the first to tag this record!
Abstract: A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance.
Keywords: Cybersecurity, healthcare IT
College: College of Science
Start Page: 415
End Page: 439