No Cover Image

Journal article 266 views 28 downloads

Misunderstanding IT: Hospital cybersecurity and software problems reach the courts / Harold, Thimbleby

Digital Evidence and Electronic Signature Law Review, Volume: 15, Pages: 11 - 32

Swansea University Author: Harold, Thimbleby

  • 40642.pdf

    PDF | Version of Record

    This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License (CC-BY-NC-ND).

    Download (917.73KB)

Abstract

The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The pa...

Full description

Published in: Digital Evidence and Electronic Signature Law Review
ISSN: 2054-8508
Published: Institute of Advanced Legal Studies (IALS)
Online Access: Check full text

URI: https://cronfa.swan.ac.uk/Record/cronfa40642
Tags: Add Tag
No Tags, Be the first to tag this record!
first_indexed 2018-06-06T04:30:08Z
last_indexed 2018-11-12T14:14:55Z
id cronfa40642
recordtype SURis
fullrecord <?xml version="1.0"?><rfc1807><datestamp>2018-11-12T11:42:34.8072044</datestamp><bib-version>v2</bib-version><id>40642</id><entry>2018-06-05</entry><title>Misunderstanding IT: Hospital cybersecurity and software problems reach the courts</title><swanseaauthors><author><sid>c12beb0ab0e333a9a512589d411d17f3</sid><ORCID>0000-0003-2222-4243</ORCID><firstname>Harold</firstname><surname>Thimbleby</surname><name>Harold Thimbleby</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2018-06-05</date><deptcode>SCS</deptcode><abstract>The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital IT systems and management to provide reliable evidence, and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors &#x2014; all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromises the provision of effective care as well as legal processes.This paper includes recommendations, the most urgent being that hospitals (the NHS and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Effective and up-to-date monitoring of the legal issues relating to IT generally and cybersecurity should be routine.The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight.</abstract><type>Journal Article</type><journal>Digital Evidence and Electronic Signature Law Review</journal><volume>15</volume><paginationStart>11</paginationStart><paginationEnd>32</paginationEnd><publisher>Institute of Advanced Legal Studies (IALS)</publisher><issnElectronic>2054-8508</issnElectronic><keywords>cybersecurity; healthcare IT; electronic evidence</keywords><publishedDay>0</publishedDay><publishedMonth>0</publishedMonth><publishedYear>0</publishedYear><publishedDate>0001-01-01</publishedDate><doi>10.14296/deeslr.v15i0.4891</doi><url>http://journals.sas.ac.uk/deeslr/</url><notes>Originality: following an early invited conference keynote paper, this is the first archival full analysis of a major cybersecurity problem in a hospital, based on substantial original data and legal evidence. The paper was invited for the journal, the leading legal evidence journal.Significance: five nurses were tried in the Crown Court for alleged falsification of data; this paper explains how the author proved the IT evidence to have no probative value, so the case collapsed. The paper has been used in Electronic Evidence (4th ed, eds: S Mason &amp; D Seng, 2017, a standard legal reference) which has 3 pages (section 9.90) called "Analysis of failure." The Judge's Ruling (also published in the same journal) makes clear the contribution of Thimbleby to the case. The paper is also cited in the Hopkins Report, a major NHS review. Rigour: the paper is based on deep analysis of evidence provided to the author as an expert witness acting for the court. The paper was written using automatic merging of data to ensure diagrams and figures etc were accurate and anonymised.</notes><college>COLLEGE NANME</college><department>Computer Science</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>SCS</DepartmentCode><institution>Swansea University</institution><lastEdited>2018-11-12T11:42:34.8072044</lastEdited><Created>2018-06-05T22:15:56.3002867</Created><path><level id="1">College of Science</level><level id="2">Computer Science</level></path><authors><author><firstname>Harold</firstname><surname>Thimbleby</surname><orcid>0000-0003-2222-4243</orcid><order>1</order></author></authors><documents><document><filename>0040642-06082018093021.pdf</filename><originalFilename>40642.pdf</originalFilename><uploaded>2018-08-06T09:30:21.6370000</uploaded><type>Output</type><contentLength>936470</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><action/><embargoDate>2018-08-06T00:00:00.0000000</embargoDate><documentNotes>This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License (CC-BY-NC-ND).</documentNotes><copyrightCorrect>true</copyrightCorrect><language>eng</language></document></documents></rfc1807>
spelling 2018-11-12T11:42:34.8072044 v2 40642 2018-06-05 Misunderstanding IT: Hospital cybersecurity and software problems reach the courts c12beb0ab0e333a9a512589d411d17f3 0000-0003-2222-4243 Harold Thimbleby Harold Thimbleby true false 2018-06-05 SCS The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital IT systems and management to provide reliable evidence, and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors — all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromises the provision of effective care as well as legal processes.This paper includes recommendations, the most urgent being that hospitals (the NHS and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Effective and up-to-date monitoring of the legal issues relating to IT generally and cybersecurity should be routine.The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight. Journal Article Digital Evidence and Electronic Signature Law Review 15 11 32 Institute of Advanced Legal Studies (IALS) 2054-8508 cybersecurity; healthcare IT; electronic evidence 0 0 0 0001-01-01 10.14296/deeslr.v15i0.4891 http://journals.sas.ac.uk/deeslr/ Originality: following an early invited conference keynote paper, this is the first archival full analysis of a major cybersecurity problem in a hospital, based on substantial original data and legal evidence. The paper was invited for the journal, the leading legal evidence journal.Significance: five nurses were tried in the Crown Court for alleged falsification of data; this paper explains how the author proved the IT evidence to have no probative value, so the case collapsed. The paper has been used in Electronic Evidence (4th ed, eds: S Mason & D Seng, 2017, a standard legal reference) which has 3 pages (section 9.90) called "Analysis of failure." The Judge's Ruling (also published in the same journal) makes clear the contribution of Thimbleby to the case. The paper is also cited in the Hopkins Report, a major NHS review. Rigour: the paper is based on deep analysis of evidence provided to the author as an expert witness acting for the court. The paper was written using automatic merging of data to ensure diagrams and figures etc were accurate and anonymised. COLLEGE NANME Computer Science COLLEGE CODE SCS Swansea University 2018-11-12T11:42:34.8072044 2018-06-05T22:15:56.3002867 College of Science Computer Science Harold Thimbleby 0000-0003-2222-4243 1 0040642-06082018093021.pdf 40642.pdf 2018-08-06T09:30:21.6370000 Output 936470 application/pdf Version of Record true 2018-08-06T00:00:00.0000000 This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License (CC-BY-NC-ND). true eng
title Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
spellingShingle Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
Harold, Thimbleby
title_short Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
title_full Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
title_fullStr Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
title_full_unstemmed Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
title_sort Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
author_id_str_mv c12beb0ab0e333a9a512589d411d17f3
author_id_fullname_str_mv c12beb0ab0e333a9a512589d411d17f3_***_Harold, Thimbleby
author Harold, Thimbleby
format Journal article
container_title Digital Evidence and Electronic Signature Law Review
container_volume 15
container_start_page 11
institution Swansea University
issn 2054-8508
doi_str_mv 10.14296/deeslr.v15i0.4891
publisher Institute of Advanced Legal Studies (IALS)
college_str College of Science
hierarchytype
hierarchy_top_id collegeofscience
hierarchy_top_title College of Science
hierarchy_parent_id collegeofscience
hierarchy_parent_title College of Science
department_str Computer Science{{{_:::_}}}College of Science{{{_:::_}}}Computer Science
url http://journals.sas.ac.uk/deeslr/
document_store_str 1
active_str 0
description The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital IT systems and management to provide reliable evidence, and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors — all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromises the provision of effective care as well as legal processes.This paper includes recommendations, the most urgent being that hospitals (the NHS and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Effective and up-to-date monitoring of the legal issues relating to IT generally and cybersecurity should be routine.The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight.
published_date 0001-01-01T04:00:19Z
_version_ 1650782444852346880
score 10.868663