Journal article 1230 views 181 downloads
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts
Harold Thimbleby 
Digital Evidence and Electronic Signature Law Review, Volume: 15, Pages: 11 - 32
Swansea University Author:
Harold Thimbleby
-
PDF | Version of Record
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License (CC-BY-NC-ND).
Download (917.73KB)
DOI (Published version): 10.14296/deeslr.v15i0.4891
Abstract
The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The pa...
| Published in: | Digital Evidence and Electronic Signature Law Review |
|---|---|
| ISSN: | 2054-8508 |
| Published: |
Institute of Advanced Legal Studies (IALS)
2018
|
| Online Access: |
Check full text
|
| URI: | https://cronfa.swan.ac.uk/Record/cronfa40642 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| first_indexed |
2018-06-06T04:30:08Z |
|---|---|
| last_indexed |
2023-02-15T03:50:00Z |
| id |
cronfa40642 |
| recordtype |
SURis |
| fullrecord |
<?xml version="1.0"?><rfc1807><datestamp>2023-02-14T15:41:40.4364661</datestamp><bib-version>v2</bib-version><id>40642</id><entry>2018-06-05</entry><title>Misunderstanding IT: Hospital cybersecurity and software problems reach the courts</title><swanseaauthors><author><sid>c12beb0ab0e333a9a512589d411d17f3</sid><ORCID>0000-0003-2222-4243</ORCID><firstname>Harold</firstname><surname>Thimbleby</surname><name>Harold Thimbleby</name><active>true</active><ethesisStudent>false</ethesisStudent></author></swanseaauthors><date>2018-06-05</date><deptcode>FGSEN</deptcode><abstract>The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital IT systems and management to provide reliable evidence, and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors — all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromises the provision of effective care as well as legal processes.This paper includes recommendations, the most urgent being that hospitals (the NHS and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Effective and up-to-date monitoring of the legal issues relating to IT generally and cybersecurity should be routine.The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight.</abstract><type>Journal Article</type><journal>Digital Evidence and Electronic Signature Law Review</journal><volume>15</volume><journalNumber/><paginationStart>11</paginationStart><paginationEnd>32</paginationEnd><publisher>Institute of Advanced Legal Studies (IALS)</publisher><placeOfPublication/><isbnPrint/><isbnElectronic/><issnPrint/><issnElectronic>2054-8508</issnElectronic><keywords>cybersecurity; healthcare IT; electronic evidence</keywords><publishedDay>25</publishedDay><publishedMonth>8</publishedMonth><publishedYear>2018</publishedYear><publishedDate>2018-08-25</publishedDate><doi>10.14296/deeslr.v15i0.4891</doi><url>http://journals.sas.ac.uk/deeslr/</url><notes>Originality: following an early invited conference keynote paper, this is the first archival full analysis of a major cybersecurity problem in a hospital, based on substantial original data and legal evidence. The paper was invited for the journal, the leading legal evidence journal.Significance: five nurses were tried in the Crown Court for alleged falsification of data; this paper explains how the author proved the IT evidence to have no probative value, so the case collapsed. The paper has been used in Electronic Evidence (4th ed, eds: S Mason & D Seng, 2017, a standard legal reference) which has 3 pages (section 9.90) called "Analysis of failure." The Judge's Ruling (also published in the same journal) makes clear the contribution of Thimbleby to the case. The paper is also cited in the Hopkins Report, a major NHS review. Rigour: the paper is based on deep analysis of evidence provided to the author as an expert witness acting for the court. The paper was written using automatic merging of data to ensure diagrams and figures etc were accurate and anonymised.</notes><college>COLLEGE NANME</college><department>Science and Engineering - Faculty</department><CollegeCode>COLLEGE CODE</CollegeCode><DepartmentCode>FGSEN</DepartmentCode><institution>Swansea University</institution><apcterm/><funders/><projectreference/><lastEdited>2023-02-14T15:41:40.4364661</lastEdited><Created>2018-06-05T22:15:56.3002867</Created><path><level id="1">Faculty of Science and Engineering</level><level id="2">School of Mathematics and Computer Science - Computer Science</level></path><authors><author><firstname>Harold</firstname><surname>Thimbleby</surname><orcid>0000-0003-2222-4243</orcid><order>1</order></author></authors><documents><document><filename>0040642-06082018093021.pdf</filename><originalFilename>40642.pdf</originalFilename><uploaded>2018-08-06T09:30:21.6370000</uploaded><type>Output</type><contentLength>936470</contentLength><contentType>application/pdf</contentType><version>Version of Record</version><cronfaStatus>true</cronfaStatus><embargoDate>2018-08-06T00:00:00.0000000</embargoDate><documentNotes>This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License (CC-BY-NC-ND).</documentNotes><copyrightCorrect>true</copyrightCorrect><language>eng</language></document></documents><OutputDurs/></rfc1807> |
| spelling |
2023-02-14T15:41:40.4364661 v2 40642 2018-06-05 Misunderstanding IT: Hospital cybersecurity and software problems reach the courts c12beb0ab0e333a9a512589d411d17f3 0000-0003-2222-4243 Harold Thimbleby Harold Thimbleby true false 2018-06-05 FGSEN The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital IT systems and management to provide reliable evidence, and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors — all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromises the provision of effective care as well as legal processes.This paper includes recommendations, the most urgent being that hospitals (the NHS and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Effective and up-to-date monitoring of the legal issues relating to IT generally and cybersecurity should be routine.The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight. Journal Article Digital Evidence and Electronic Signature Law Review 15 11 32 Institute of Advanced Legal Studies (IALS) 2054-8508 cybersecurity; healthcare IT; electronic evidence 25 8 2018 2018-08-25 10.14296/deeslr.v15i0.4891 http://journals.sas.ac.uk/deeslr/ Originality: following an early invited conference keynote paper, this is the first archival full analysis of a major cybersecurity problem in a hospital, based on substantial original data and legal evidence. The paper was invited for the journal, the leading legal evidence journal.Significance: five nurses were tried in the Crown Court for alleged falsification of data; this paper explains how the author proved the IT evidence to have no probative value, so the case collapsed. The paper has been used in Electronic Evidence (4th ed, eds: S Mason & D Seng, 2017, a standard legal reference) which has 3 pages (section 9.90) called "Analysis of failure." The Judge's Ruling (also published in the same journal) makes clear the contribution of Thimbleby to the case. The paper is also cited in the Hopkins Report, a major NHS review. Rigour: the paper is based on deep analysis of evidence provided to the author as an expert witness acting for the court. The paper was written using automatic merging of data to ensure diagrams and figures etc were accurate and anonymised. COLLEGE NANME Science and Engineering - Faculty COLLEGE CODE FGSEN Swansea University 2023-02-14T15:41:40.4364661 2018-06-05T22:15:56.3002867 Faculty of Science and Engineering School of Mathematics and Computer Science - Computer Science Harold Thimbleby 0000-0003-2222-4243 1 0040642-06082018093021.pdf 40642.pdf 2018-08-06T09:30:21.6370000 Output 936470 application/pdf Version of Record true 2018-08-06T00:00:00.0000000 This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 4.0 International License (CC-BY-NC-ND). true eng |
| title |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts |
| spellingShingle |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts Harold Thimbleby |
| title_short |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts |
| title_full |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts |
| title_fullStr |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts |
| title_full_unstemmed |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts |
| title_sort |
Misunderstanding IT: Hospital cybersecurity and software problems reach the courts |
| author_id_str_mv |
c12beb0ab0e333a9a512589d411d17f3 |
| author_id_fullname_str_mv |
c12beb0ab0e333a9a512589d411d17f3_***_Harold Thimbleby |
| author |
Harold Thimbleby |
| author2 |
Harold Thimbleby |
| format |
Journal article |
| container_title |
Digital Evidence and Electronic Signature Law Review |
| container_volume |
15 |
| container_start_page |
11 |
| publishDate |
2018 |
| institution |
Swansea University |
| issn |
2054-8508 |
| doi_str_mv |
10.14296/deeslr.v15i0.4891 |
| publisher |
Institute of Advanced Legal Studies (IALS) |
| college_str |
Faculty of Science and Engineering |
| hierarchytype |
|
| hierarchy_top_id |
facultyofscienceandengineering |
| hierarchy_top_title |
Faculty of Science and Engineering |
| hierarchy_parent_id |
facultyofscienceandengineering |
| hierarchy_parent_title |
Faculty of Science and Engineering |
| department_str |
School of Mathematics and Computer Science - Computer Science{{{_:::_}}}Faculty of Science and Engineering{{{_:::_}}}School of Mathematics and Computer Science - Computer Science |
| url |
http://journals.sas.ac.uk/deeslr/ |
| document_store_str |
1 |
| active_str |
0 |
| description |
The corruption of patient data in a hospital prompted a criminal investigation, resulting in approximately 70 nurses being disciplined, with some charged with wilful neglect contrary to the Mental Capacity Act 2005. Some nurses received custodial sentences. This paper explains the background. The paper demonstrates the inability of hospital IT systems and management to provide reliable evidence, and highlights broad problems with poor IT culture affecting manufacturers, hospitals, police, lawyers, and advisors — all the way through to regulators and legislators. Widespread misunderstandings of IT and data compromises the provision of effective care as well as legal processes.This paper includes recommendations, the most urgent being that hospitals (the NHS and other national healthcare systems more generally) should acknowledge that IT is unreliable, and that they should procure and actively manage IT equipment with this in mind. Effective and up-to-date monitoring of the legal issues relating to IT generally and cybersecurity should be routine.The NHS needs to improve its IT maturity, management and policies. The police, the legal system and regulators also need a more mature approach to IT. Manufacturers are not currently providing dependable systems that are fit for purpose to operate safely and reliably in normal, complex hospital environments. All parties should engage qualified external oversight. |
| published_date |
2018-08-25T03:51:44Z |
| _version_ |
1763752547063955456 |
| score |
11.035634 |