Cybersecurity is only going to become a more complex issue, and one which is ever more closely tied to patient safety. Organisations need to find ways to address this agenda accordingly, writes Jonathan Lee

With the delivery of healthcare increasingly digitised, the issue of cybersecurity is more than ever an issue of patient safety and care. Yet how well equipped organisations are to keep systems secure varies. Different trusts have had differing capacities to invest in digital transformation, and in turn different capacities to invest in cybersecurity resources.

Sponsored bysophos-logo-black-rgb

Making systems as secure as they can be is complicated. It is unlikely NHS organisations will ever be able to match the cybersecurity budgets of the likes of banks, transport systems, or energy providers. Yet the consequences of an attack on healthcare can be serious, leading to real harm.

The sector therefore needs to find simple and cost effective ways to keep systems as secure as possible. This might involve introducing security technology solutions that make it easier to deploy and configure software platforms and keep them as safe as possible from attack. At Sophos, we provide such solutions. The idea is to ensure that IT staff at all levels can reliably ensure systems are and remain secure.

On top of that there will need to be expert monitoring of systems, not just via the NHS Digital Cyber Security Operations Centre (CSOC) but also at a local level. This monitoring should look for signs of attack, and respond and investigate accordingly. It may be challenging to consistently recruit such resource at local and regional levels, again due to limited budgets. External support can be a helpful alternative here, delivering expert support to hunt, detect and investigate threats and react accordingly as a managed service regionally, in partnership with the CSOC.

Since March 2020, there has been a real acceleration in the use of digital technology in healthcare. Remote solutions that might initially have been seen as a stopgap are now business as usual for the foreseeable future. That means that cybersecurity is only going to become a more complex issue, and one which is ever more closely tied to patient safety. Organisations will need to find ways to address this agenda accordingly.

Jonathan Lee is director of public sector, Sophos

Should cybersecurity be seen as a patient safety issue?