“18 months ago we would talk about if, not when. Now it has happened,” Daniel Taylor, Head of Security at NHS Digital told CIOs and healthcare technology leaders recently at a conference the editor of Horizon Business Innovation was moderating.
Taylor was referring to the Wannacry ransomeware attack that hit the NHS on May 12. Wannacry was not only damaging to the NHS in England but also caused major problems for the German rail network and manufacturing and services industries across the globe. Taylor said Wannacry hit the NHS on May 12, 2017 along with “400,000 machines globally”.
“Wannacry was different as we individually didn’t have to do anything. It was self propagating,” he told the audience in London’s docklands. “The recovery was hugely positive,” he said of the response of the NHS. “The impact was reasonably tolerable, but we need to learn how we do that better as we need to be in control a lot quicker and recover quickly,” Taylor said.
Taylor told health technology professionals that their role, and his, is a constant tightrope walk: “We need to balance the need for better patient care with better clinical outcomes,” he said of the need for continued progress on the digital health agenda. “Security is about a risk and we need to balance better care with security, it doesn’t mean saying no.
“We don’t do security because it is a good idea. We do security as an enabler to public trust because patients bestow us with that information.”
Taylor believes communications to patients and the clinical community are essential security tools when the next ransomeware or cyber-security attack happens to the NHS.
“We need to be quicker at doing some good communications,” he said. NHS Digital has developed a series of tools that use the “brandnames” assure, react and intel, which Taylor said were developed using research from the medical research organisation the Wellcome Trust into the most effective terminology around patient data. As ever, Taylor said it is vital that health technologists only use technical language with a technology audience. Taylor said similar approaches from the Government Digital Service (GDS) “to name the problem you are trying to solve” is a valuable resource.
The continued austerity from the Conservative minority government entered every presentation and debate at the Digital Healthcare 2017 event. On austerity and healthcare cyber-security Taylor said: “We all know there is a limit to funding for care, let alone security.”