Just last month, a cyberattack that impacted several London hospitals including King’s College Hospital NHS Foundation Trust and Guy’s and St Thomas’ NHS Foundation Trust resulted in over 1,000 planned operations and 3,000 outpatient appointments being postponed. According to the founder of the UK’s National Cyber Security Centre (NCSC), this might not be an anomaly, thanks to the NHS’s outdated IT systems and lack of basic security practices.

Just like the infamous 2017 WannaCry attack, the incident serves as a reminder of the importance of data protection for healthcare organisations. With budget concerns and talent shortages rife throughout the sector, it’s easy to see why implementing robust cybersecurity strategies can slip down the priority list, however in today’s digital landscape, it is a necessity.

A costly business

Research released last year revealed that three in four (76%) healthcare organisations around the world have experienced a successful ransomware attack and two thirds (65%) have experienced data loss from other types of attack. almost half (43%) of those organisations consider data security as their primary risk. This comes ahead of economic uncertainty (39%) and the adoption of emerging technologies like AI (32%).

A cyberattack has the potential to destroy any business. When it comes to the healthcare industry, especially the UK’s National Health Service (NHS) which services a large portion of the population, an attack feels more personal. Its impact is widespread and unavoidable. At a base level, cyberattacks can disrupt medical services and cripple hospital operations. This is because, when systems are down, essential patient information is inaccessible. This can delay medical procedures and compromise patient care. It can also increase the risk of medical errors and negatively impact treatment outcomes.

Beyond this, cyberattacks also frequently result in hefty financial costs. Sometimes this is in the form of immediate ransomware payments, however, any prolonged downtime and recovery following an attack could also have an impact. In the healthcare space, it can be even more tempting to pay off the attackers, due to the sensitivity of the information they manage to get hold of.

Another implication which isn’t always considered is the impact a cyberattack will have in terms of patient trust. A cyberattack in which malicious actors manage to access sensitive data can lead to a loss of confidence in an organisation’s data safeguarding abilities and can seriously damage its long-term reputation.

Safeguarding the health industry against the inevitable

In today’s digital age, the question is not if a healthcare organisation will face a cyberattack, but when. With that in mind, those in the health sector must be ready to mitigate the effects and recover quickly. Here are some ways in which health organisations can improve their safeguarding and protect data from attackers:

• Implement a data backup and recovery plan designed for the safeguarding of essential health data and ensure business continuity. Backup processes should capture all critical data and be executed at regular intervals. Coupled with a swift recovery process, data backup and recovery help minimise downtime and ensure business continuity when data is lost due to malicious activities.
• Invest in cyber awareness training. Develop and implement an ongoing cyber awareness programme to educate the entire organisation on the latest cyber threats and the policies to avoid them. The programme should be continually updated to reflect emerging threats and remain a critical line of defense in identifying and thwarting potential cybercrimes.
• Deploying advanced security technologies like firewalls, anti-malware tools, and intrusion detection systems that use AI and machine learning for predictive threat analysis and response.
• Regularly stress test and break systems to identify where the weak points are. Often organisations – especially within the public sector – implement security strategies and then wait until an incident occurs to see whether their framework is effective. With the regularity of attacks in the current landscape, this cannot adequately anticipate the scale at which breaches are attempted.

The ability to deliver effective healthcare services relies on data. It is what enables nurses and doctors to diagnose their patients, it is what ensures that patients are not given medication that they are allergic to, and it is what helps us as a society to develop life-saving treatments and innovations. Unfortunately, attackers know this, and they are not above using it to their advantage.

Whilst facing cyberattacks is inevitable for healthcare organisations, losing data doesn’t have to be. Data protection strategies and cybersecurity tools can enhance defense mechanisms and improve the healthcare industry’s ability to respond promptly to emerging threats.

By Oliver Norman, Regional Vice President for UK & Ireland at Veritas Technologies

The post Safeguarding our Health -Why Data Protection is Key for Today’s Healthcare Organisations appeared first on .

Sharing NHS data with the right sources could save millions of lives. Sharing it with the wrong sources can destroy them. Such is the tightrope facing the NHS as it struggles to realise the potential of its data whilst ring fencing it from threats.

The rich and detailed nature of medical data makes it invaluable for both benevolent and malign forces alike. Within the medical field, NHS data helps researchers develop treatments for life-altering conditions like cancer, diabetes, and heart disease; procurement teams can use it to help the NHS invest wisely; and analysts can ensure optimised management of resources that enables more patients to get treated. On the other side of the coin, NHS data can be used by thieves to sell on for profit, which will then be exploited by fraudsters to create false identities. In some cases this can result in the fraud victim experiencing serious legal repercussions down the line, having bailiffs turn up at their door, or realising their credit score has been ruined by illicit activity.

In fact, medical data is worth more on the black market than financial data, and in 2019-2020 data breaches affected the healthcare sector more than any other industry. These breaches are both intentional – ie hackers stealing personal details – and involuntary, where information was revealed through human error, such as medical letters addressed to the wrong recipient.

This data dichotomy played out earlier this year in the form of a government backlash against plans to share anonymised GP data with private companies. The General Practice Data for Planning and Research scheme was put on hold after 1,382,582 people declined to allow use of their data within its six-week opt-out grace period. Most were concerned about the security of the system, with data privacy campaigners claiming the data cloaking measures could be reversed, allowing malicious users to uncover identities.

The NHS’s data has the potential to revolutionise healthcare across the UK and enhance services for patients, so it is understandable why it wants to work with organisations to make the most of it. The privacy campaigners themselves will admit that the sharing of medical data has strong justification. It’s ensuring said data is adequately protected that concerns them.

The NHS does this through their DSP Toolkit, an online self-assessment tool that allows organisations to demonstrate compliance through practising good data security and information handling. This updated version replaced the previous Information Governance Toolkit in 2018, to reflect the enhanced data reporting requirements made necessary by the General Data Protection Regulation (GDPR), as well as the Networks and Information System (NIS) Regulations where relevant.

All organisations that have access to NHS patient data and systems must use this tool, and assessments must be completed annually to keep compliance in date. However, requirements & evidence can be tailored to your organisation type. In terms of compliance levels, the new toolkit does not feature levels 1, 2 and 3 as were part of the previous toolkit. To meet the new standard, organisations must respond to all evidence items which are identified as mandatory, and confirm the associated ‘assertions’. This is where having an in-house compliance manager and/or team comes in handy, as you can pull apart the in-depth assessment, and break down into relevant chunks.

To take an example, for companies developing medical software, everyone in the chain is required to fill in this assessment. For medical-adjacent companies such as software partners the process can be daunting, as some of the questions are tailored specifically around data within medical organisations. Firms outside of this sector have to think laterally around how to evidence analogous data protection. For this reason it helps to have a software partner who holds a current up to date certification and can help you work through the system if needs be.

One real boon for compliance managers in the move from Information Governance Toolkit to DSP Toolkit is the fact it now recognises overlapping compliance proofs such as the ISO27001  information security standard. If you load this evidence into the assessment it will auto-complete the sections relevant to this.

The central benefit of choosing a software partner with current DSP Toolkit approval is that they can begin working with you instantly. With 43 mandatory evidence items required, plus 36 confirmations of claims required, it’s an extensive assessment. And while submitters can expect to have their documentation reviewed within a few days, there is always the possibility of rejection, or a request for more evidence, which can derail project deadlines and tank partnerships within the early stages.

As the medical field develops its digital offering, the DSP Toolkit is becoming increasingly relevant for software builders. However, without a serious focus on data compliance from all stakeholders, this field will remain forever hamstrung. It’s vital that software developers do their part to ensure data privacy and minimise breaches to ensure technology is allowed to achieve its life saving potential.

The post How Digital Partners can Navigate NHS Compliance appeared first on .

Hospitals now have an average of 10 to 15 internet-connected devices per bed. Medical device manufacturers are increasingly experimenting with data-collecting “smart” wearables and similar technology.

In practice, this data is already being used by hospitals and health care startups to improve inventory management, or offer more personalized health care to patients. It’s likely, however, that the medical field isn’t leveraging the full potential of this medical data.

Medical data analytics is already important to the industry — but it’s likely to become much more central over the next few years. This will likely create both major opportunities and new challenges for health care providers.

How Medical Data Analytics Is Used Right Now

Major health care providers and manufacturers are also beginning to use predictive analytics to help manage demand forecasting and inventory management during periods of supply chain instability.

With historical sales data or hospital inventory data, for example, it’s possible to better estimate resource requirements of essential medical supplies and treatments. This helps health care providers and manufacturers manage periods of unstable supply and demand.

This information, derived from solutions like barcode scanners for hospitals, can also help health care facilities improve the visibility of their inventory by creating real-time, digital records of facility medicine and equipment.

This can allow a nurse, for example, to know exactly how much of a particular kind of PPE a hospital has in store, as well as where that PPE is being stored. With this information, both individual employees and the organization itself can respond faster in a crisis.

In an interview with the Economic Times of India, Charlie Farah, the director of industry solutions at Qlik, described how this approach has worked in practice.

A particular application of data analytics can allow “hospital staff [and] managers to identify stock levels of PPE by location — with this information, management can relocate available stock to staff caring for patients that have fever or respiratory symptoms at other locations.”

Medical facilities are also utilizing predictive analytics to reduce patient wait times and more effectively manage hospital staffing. In the near future, these applications of predictive analytics may become more widespread.

Future Applications of Healthcare Data Analytics

As healthcare data analytics becomes more sophisticated — and as more aggregated health data becomes available — more advanced and patient-specific applications of medical data analytics could become commonplace.

One change will likely be the more widespread use of medical data in personalizing health care. With analysis of a client’s particular health data, an algorithm may be able to pinpoint treatments that are more likely to work than others — reducing the need for a trial-and-error approach when more than one treatment option is a possibility.

Chronic traumatic encephalopathy (CTE), for example, is an extremely common condition in post-career athletes, like football players. Despite its prevalence, however, there is no cure or treatment for the condition. The condition’s cognitive and behavioral symptoms can be treated, however — but the effectiveness of treatments for these symptoms can vary significantly from patient to patient.

Analysis of medical data like a patient’s health history, bloodwork, and genetics can help providers better understand which treatment options may work best — giving them somewhere to start.

In an article for Health IT Outcomes, Dr. Joost Huiskens of SAS Netherlands predicts “more and more health care providers will become data-driven organizations” in the years following the end of the COVID-19 pandemic.

Huiskens argues that the future of the health care industry depends on the adoption of personalized care, and the use of AI analytics and vast amounts of health care data to tailor treatments to each patient’s particular biology.

Information like a patient’s DNA is already being leveraged by medical startups to provide unique health care insights by a number of startups.

Soon, hospitals and other major care providers may also begin to more frequently use DNA health analysis as a first-line approach in treatment, helping doctors to more effectively pursue the most effective therapy possible for a particular condition.

However, it may be some time before major health care organizations are able or willing to adopt this tech. Before hospitals can begin offering these kinds of services at scale, it could be misleading to say that medical data analytics has become fully realized.

Challenges for Medical Data

The growing use and storage of health data also presents significant challenges that health care providers will need to manage. Hospitals have already become an increasingly popular target for hackers and cybercriminals.

As the amount of stored medical data grows, cyberattacks may become more common.

Finding ways to de-identify aggregated health data — which would make that data less valuable to hackers — while improving facility cyber defenses will likely be necessary before medical data analytics can become fully realized.

Barriers and Challenges for Medical Data Analytics

As medical data becomes more widely available, medical data analytics will become more essential to the health care industry. However, it’s likely that medical data analytics won’t be used to its full potential in the near future.

New applications of medical analytics — like DNA analysis for personalized health care — aren’t commonplace yet. Hospitals that adopt this technology may also have to manage the growing threat of medical data breaches.

Article by Shannon Flynn – Rehack

The post When Will Medical Data Analytics Become Fully Realized? appeared first on .