No Cover Image

Conference contribution 819 views 347 downloads

Cybersecurity problems in a typical hospital (and probably in all of them) / Harold Thimbleby

Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium, Pages: 415 - 439

Swansea University Author: Thimbleby, Harold

Abstract

A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highl...

Full description

Published in: Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium
ISSN: 9781540796288
Published: Developments in System Safety Engineering [SCSC-135] 2017
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa32502
Tags: Add Tag
No Tags, Be the first to tag this record!
first_indexed 2017-03-20T14:08:28Z
last_indexed 2018-02-09T05:20:28Z
id cronfa32502
recordtype SURis
fullrecord <?xml version="1.0"?><rfc1807><datestamp>2017-05-21T10:09:29Z</datestamp><bib-version>v2</bib-version><id>32502</id><entry>2017-03-20</entry><title>Cybersecurity problems in a typical hospital (and probably in all of them)</title><alternativeTitle></alternativeTitle><author>Harold Thimbleby</author><firstname>Harold</firstname><surname>Thimbleby</surname><active>true</active><ORCID>0000-0003-2222-4243</ORCID><ethesisStudent>false</ethesisStudent><sid>c12beb0ab0e333a9a512589d411d17f3</sid><email>852dab40aa1d5d20dfb30450912b606d</email><emailaddr>rp8tB9Bclt4VAKVpecPRrB8j7kl4zZwebz0wEHEQAUk=</emailaddr><date>2017-03-20</date><deptcode>SCS</deptcode><abstract>A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors &#x2014; and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance.</abstract><type>Conference contribution</type><journal>Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium</journal><volume/><journalNumber/><paginationStart>415</paginationStart><paginationEnd>439</paginationEnd><publisher>Developments in System Safety Engineering [SCSC-135]</publisher><placeOfPublication/><isbnPrint/><isbnElectronic/><issnPrint>9781540796288</issnPrint><issnElectronic/><keywords>Cybersecurity, healthcare IT</keywords><publishedDay>9</publishedDay><publishedMonth>2</publishedMonth><publishedYear>2017</publishedYear><publishedDate>2017-02-09</publishedDate><doi></doi><url>http://harold.thimbleby.net/NICE/SSS17cybersecurity.pdf</url><notes></notes><college>College of Science</college><department>Computer Science</department><CollegeCode>CSCI</CollegeCode><DepartmentCode>SCS</DepartmentCode><institution/><researchGroup>None</researchGroup><supervisor/><sponsorsfunders/><grantnumber/><degreelevel/><degreename>None</degreename><lastEdited>2017-05-21T10:09:29Z</lastEdited><Created>2017-03-20T09:11:36Z</Created><path><level id="1">College of Science</level><level id="2">Computer Science</level></path><authors><author><firstname>Harold</firstname><surname>Thimbleby</surname><orcid/><order>1</order></author></authors><documents><document><filename>0032502-20032017091806.pdf</filename><originalFilename>SSS17cybersecurity.pdf</originalFilename><uploaded>2017-03-20T09:18:06Z</uploaded><type>Output</type><contentLength>2952603</contentLength><contentType>application/pdf</contentType><version>VoR</version><cronfaStatus>true</cronfaStatus><action>Published to Cronfa</action><actionDate>08/05/2017</actionDate><embargoDate>2017-03-20T00:00:00</embargoDate><documentNotes/><copyrightCorrect>true</copyrightCorrect><language>eng</language></document></documents></rfc1807>
spelling 2017-05-21T10:09:29Z v2 32502 2017-03-20 Cybersecurity problems in a typical hospital (and probably in all of them) Harold Thimbleby Harold Thimbleby true 0000-0003-2222-4243 false c12beb0ab0e333a9a512589d411d17f3 852dab40aa1d5d20dfb30450912b606d rp8tB9Bclt4VAKVpecPRrB8j7kl4zZwebz0wEHEQAUk= 2017-03-20 SCS A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance. Conference contribution Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium 415 439 Developments in System Safety Engineering [SCSC-135] 9781540796288 Cybersecurity, healthcare IT 9 2 2017 2017-02-09 http://harold.thimbleby.net/NICE/SSS17cybersecurity.pdf College of Science Computer Science CSCI SCS None None 2017-05-21T10:09:29Z 2017-03-20T09:11:36Z College of Science Computer Science Harold Thimbleby 1 0032502-20032017091806.pdf SSS17cybersecurity.pdf 2017-03-20T09:18:06Z Output 2952603 application/pdf VoR true Published to Cronfa 08/05/2017 2017-03-20T00:00:00 true eng
title Cybersecurity problems in a typical hospital (and probably in all of them)
spellingShingle Cybersecurity problems in a typical hospital (and probably in all of them)
Thimbleby, Harold
title_short Cybersecurity problems in a typical hospital (and probably in all of them)
title_full Cybersecurity problems in a typical hospital (and probably in all of them)
title_fullStr Cybersecurity problems in a typical hospital (and probably in all of them)
title_full_unstemmed Cybersecurity problems in a typical hospital (and probably in all of them)
title_sort Cybersecurity problems in a typical hospital (and probably in all of them)
author_id_str_mv c12beb0ab0e333a9a512589d411d17f3
author_id_fullname_str_mv c12beb0ab0e333a9a512589d411d17f3_***_Thimbleby, Harold
author Thimbleby, Harold
author2 Harold Thimbleby
format Conference contribution
container_title Developing Safe Systems, Proceedings of the 25th Safety-Critical Systems Symposium
container_start_page 415
publishDate 2017
institution Swansea University
issn 9781540796288
publisher Developments in System Safety Engineering [SCSC-135]
college_str College of Science
hierarchytype
hierarchy_top_id collegeofscience
hierarchy_top_title College of Science
hierarchy_parent_id collegeofscience
hierarchy_parent_title College of Science
department_str Computer Science{{{_:::_}}}College of Science{{{_:::_}}}Computer Science
url http://harold.thimbleby.net/NICE/SSS17cybersecurity.pdf
document_store_str 1
active_str 1
description A criminal case balancing on the corruption of patient data in a UK hospital resulted in some nurses being acquitted and some given community service and custodial sentences. This paper explains the background, demonstrates the inability of hospital IT systems to provide reliable evidence, and highlights broader problems with IT culture affecting manufacturers, hospitals, police, legal advisors — and ultimately misleading clinicians and compromising delivery of care. The NHS (and healthcare more generally) urgently needs to improve its IT awareness, management and policies. The police and the legal system need a more mature approach to IT. Manufacturers need to provide dependable systems that are fit for purpose for complex hospital environments. Regulators should ensure that systems meet better standards of quality and dependability. This paper includes recommendations; the most fundamental being that hospitals acknowledge that IT is unreliable and they should procure and manage equipment with this in mind. In particular, mature and effective data protection and cybersecurity policies must be in place and used proactively. When problems occur, evidence derived from IT (whether systems or devices) must not be used in legal or disciplinary investigations without extreme care and independent proof of provenance.
published_date 2017-02-09T05:36:46Z
_version_ 1642359220629143552
score 10.8362255