Jump to content

Search the hub

Showing results for tags 'Cybersecurity'.

More search options

  • Search By Tags

    Start to type the tag you want to use, then select from the list.

  • Search By Author

Content Type


Forums

  • All
    • Commissioning, service provision and innovation in health and care
    • Coronavirus (COVID-19)
    • Culture
    • Improving patient safety
    • Investigations, risk management and legal issues
    • Leadership for patient safety
    • Organisations linked to patient safety (UK and beyond)
    • Patient engagement
    • Patient safety in health and care
    • Patient Safety Learning
    • Professionalising patient safety
    • Research, data and insight
    • Miscellaneous

Categories

  • Commissioning, service provision and innovation in health and care
    • Commissioning and funding patient safety
    • Digital health and care service provision
    • Health records and plans
    • Innovation programmes in health and care
    • Climate change/sustainability
  • Coronavirus (COVID-19)
    • Blogs
    • Data, research and statistics
    • Frontline insights during the pandemic
    • Good practice and useful resources
    • Guidance
    • Mental health
    • Exit strategies
    • Patient recovery
    • Questions around Government governance
  • Culture
    • Bullying and fear
    • Good practice
    • Occupational health and safety
    • Safety culture programmes
    • Second victim
    • Speak Up Guardians
    • Staff safety
    • Whistle blowing
  • Improving patient safety
    • Clinical governance and audits
    • Design for safety
    • Disasters averted/near misses
    • Equipment and facilities
    • Error traps
    • Health inequalities
    • Human factors (improving human performance in care delivery)
    • Improving systems of care
    • Implementation of improvements
    • International development and humanitarian
    • Patient Safety Alerts
    • Safety stories
    • Stories from the front line
    • Workforce and resources
  • Investigations, risk management and legal issues
    • Investigations and complaints
    • Risk management and legal issues
  • Leadership for patient safety
    • Business case for patient safety
    • Boards
    • Clinical leadership
    • Exec teams
    • Inquiries
    • International reports
    • National/Governmental
    • Patient Safety Commissioner
    • Quality and safety reports
    • Techniques
    • Other
  • Organisations linked to patient safety (UK and beyond)
    • Government and ALB direction and guidance
    • International patient safety
    • Regulators and their regulations
  • Patient engagement
    • Consent and privacy
    • Harmed care patient pathways/post-incident pathways
    • How to engage for patient safety
    • Keeping patients safe
    • Patient-centred care
    • Patient Safety Partners
    • Patient stories
  • Patient safety in health and care
    • Care settings
    • Conditions
    • Diagnosis
    • High risk areas
    • Learning disabilities
    • Medication
    • Mental health
    • Men's health
    • Patient management
    • Social care
    • Transitions of care
    • Women's health
  • Patient Safety Learning
    • Patient Safety Learning campaigns
    • Patient Safety Learning documents
    • Patient Safety Standards
    • 2-minute Tuesdays
    • Patient Safety Learning Annual Conference 2019
    • Patient Safety Learning Annual Conference 2018
    • Patient Safety Learning Awards 2019
    • Patient Safety Learning Interviews
    • Patient Safety Learning webinars
  • Professionalising patient safety
    • Accreditation for patient safety
    • Competency framework
    • Medical students
    • Patient safety standards
    • Training & education
  • Research, data and insight
    • Data and insight
    • Research
  • Miscellaneous

News

  • News

Find results in...

Find results that contain...


Date Created

  • Start
    End

Last updated

  • Start
    End

Filter by number of...

Joined

  • Start

    End

Group

First name

Last name

Country

Join a private group (if appropriate)

About me

Organisation

Role

Found 52 results
  1. News Article
    At least half of integrated care systems (ICS) lack plans for responding to cyberattacks, at a time of increasing cyber risks, HSJ can reveal. The findings also come at a time when the threat posed by cyber attackers is “constantly evolving”, and in the wake of a recent high-profile attack on a supplier to several trusts. In August 2021, NHS England published a framework – What Good Looks Like – to set out what ICSs and member organisations must achieve to be considered digitally mature. Requirements included that all ICSs should have a system-wide plan for “maintaining robust cybersecurity” with “centralised capabilities to provide support across all organisations”. However, 20 ICSs have told HSJ they do not yet have such a cybersecurity strategy or plan in place. Nine ICSs said they did, while the remaining 13 ICSs did not respond. This is despite the NHS being subjected to a growing number of cyber attacks. In 2020-21, NHS Digital reported the health service had been targeted roughly 21 million times on a monthly basis, which marked an increase since before the pandemic. Most of these are malicious emails containing malware and are automatically blocked by cyber defence and monitoring systems. However, in August, a dozen mental health trusts and several NHS 111 and urgent care providers were badly affected by a cyber attack on one of their IT suppliers, Advanced. Several trusts have not yet regained full access to their electronic patient record three months on from the attack. Read full story (paywalled) Source: HSJ, 11 November 2022
  2. News Article
    Patient care is still being undermined at NHS mental health trusts and social care providers that were hit by a major cyber attack in August, doctors have warned. Three months after the major attack wiped out NHS systems, patients’ records are missing, safety has been compromised, and medication doses are at risk of being missed amid ongoing “chaos”, i News has been told. Dr Andrew Molodynski, mental health lead at the British Medical Association, said the prolonged systems failure has damaged care because records are “integral to patients’ safety”. Mental health patients’ records and safeguarding alerts have not been available in some trusts since 4 August, when NHS software provider, Advanced, was hit by a ransomware attack which targeted its Carenotes records system. A total of 12 NHS mental health trusts have been impacted by the cyber attack, potentially impacting tens of thousands of patients as well as social care providers. According to Advanced’s own hazard log spreadsheet, seen by i News, the risks associated with disruption to its server include “medication doses missed”, “required number of carers not met”, “basic needs not met, such as nutrition and personal care”, and “health needs not met, such as wound care and physical support”. Advanced said: “We recognise that the restoration process has taken longer than we had initially anticipated and we have sought to communicate as clearly and transparently as we have been able.” It said planned dates for restoring the system for each client has been communicated directly and that the “overall restoration programme remains on track”. Read full story Source: i News, 4 November 2022
  3. Content Article
    Mike Fell, executive director of national cybersecurity operations at NHS Digital,, discusses the WannaCry cyberattack, teaching GP surgeries to up their game and how data can save lives.
  4. Content Article
    This article* is an update from Dr Henrietta Hughes, Patient Safety Commissioner for England.
  5. News Article
    No patient data held by mental health trusts was taken following a cyber attack this summer, NHS England has confirmed. The regulator told HSJ it had received confirmation from tech firm Advanced, which was the subject of a cyber attack in July, that no data had been breached on its Carenotes electronic patient record. The EPR is used by around a dozen mental health trusts. The process of reconnecting trusts fully back to Carenotes also started this week, after providers spent two months with limited or no access to their EPR. HSJ previously revealed that senior NHS chiefs feared patient data may have been taken or accessed by those responsible for the cyber attack, who issued ransom demands to Advanced. Since then, experts have been brought in to investigate any potential data impact following the attack. Read full story (paywalled) Source: HSJ, 21 September 2022
  6. News Article
    On Tuesday, the FBI issued a report offering recommendations to address a number of cybersecurity vulnerabilities in active medical devices stemming from outdated software, as well as the lack of security features in older hardware. Once exploited, the vulnerabilities could impact healthcare facility operations, patient safety, data confidentiality and data integrity. If a cyberattacker takes control, they can direct devices to give inaccurate readings, administer drug overdoses or otherwise endanger patient health. The FBI noted in its briefing that a mid-year healthcare cybersecurity analysis found that equipment vulnerable to cyberattacks includes insulin pumps, intracardiac defibrillators, mobile cardiac telemetry, pacemakers, and intrathecal pain pumps. Routine challenges include the use of standardised configurations, specialised configurations – including a substantial number of managed devices on a network – and the inability to upgrade device security features, according to the FBI's announcement. The agency further adds that research has found an average of 6.2 vulnerabilities per medical device and that 40% of medical devices at the end-of-life stage offer little to no security patches or upgrades. Read full story Source: Healthcare IT News, 13 September 2022
  7. News Article
    Doctors say it could take months to process mounting piles of medical paperwork caused by a continuing cyber-attack on an NHS supplier. One out-of-hours GP says patient care is being badly affected as staff enter a fourth week of taking care notes with pen and paper. The ransomware attack against software and services provider Advanced was first spotted on 4 August. The company says it may take another 12 weeks to get some services back online. Dr Fay Wilson, who manages an urgent-care centre in the West Midlands, says the main choke point for her team is with patient records. She said it could affect patient care "because we can't send notifications to GP practices, except by methods that don't work because they require a lot of manual handling, and we haven't got the staff to actually do the manual handling". Read full story Source: BBC News, 31 August 2022
  8. News Article
    Mental health trusts continue to suffer much disruption after a cyber attack left them unable to access their electronic patient records. Several trusts which use Advanced’s CareNotes EPR are grappling with the system being down, although the company said on Friday some progress had been made to restore the EPR. One source at an affected mental health trust said there had been “not much in the way of improvements”, while another said they feared it could be “months” before they can fully access the EPR. NHS England’s mental health director Claire Murdoch is regularly raising issue nationally, HSJ was told, as response teams work with Advanced to investigate and restore IT systems, which were taken offline after the company was hit by a cyber attack two weeks ago. Hereford and Worcestershire Health and Care Trust has told its patients they might have to “provide more detail on your medical history to ensure clinicians have the most up-to-date information”, while Oxford Health Foundation Trust warned the technical issues could cause delays to patient care. Read full story (paywalled) Source: HSJ, 21 August 2022
  9. News Article
    As the risk of cyberattacks on medical devices continues to mount, the Food and Drug Administration isn’t doing enough to ensure device makers include adequate security in their products, experts say. They charge that part of the problem is that the agency lacks the funds and the trained personnel to evaluate the cyber risk the devices carry and enforce the rules it does have on the books for approving devices. “I’ve spoken to device manufacturers, specifically product security people at device manufacturers, saying that they’ve been telling their organizations for the last year or two that they need to include cybersecurity as part of their submissions or else they’re going to get rejected,” said Mike Kijewski, CEO of medical device cybersecurity firm MedCrypt. “Yet for some of their recent submissions, they didn’t have a lot of cybersecurity documentation and they still got accepted by the FDA.” Cyberattacks remain a significant risk for healthcare companies. US patient safety group ECRI reported 173 medical device cybersecurity alerts in the past five years. The organisation warned that cybersecurity incidents don’t just disrupt business operations, but can “pose a real threat of physical harm.” For instance, ransomware attacks on hospitals can cause device outages that disrupt patient care, and at worst, put lives at risk. Read full story Source: MedTech Dive, 11 August 2022
  10. News Article
    Criminals have issued ‘demands’ to an NHS IT supplier targeted by a cyber attack, leading health chiefs to fear they have accessed confidential patient data, HSJ has learned. IT firm Advanced was targeted last week. The company provides electronic patient records to several trusts and most NHS 111 providers. Multiple government agencies – including the National Crime Agency and GCHQ – are now working to identify the extent of the damage caused by the attackers, while leaders of affected mental health trusts have warned of a “pretty desperate” situation as staff are unable to access vital patient records. In a statement issued last night, Advanced said: “With respect to potentially impacted data, our investigation is under way, and when we have more information about potential data access or exfiltration, we will update customers as appropriate.” Read full story (paywalled) Source HSJ, 11 August 2022
  11. News Article
    A cyber attack that has caused a major outage of NHS IT systems is expected to last for more than three weeks, leaving doctors unable to see patients’ notes, The Independent has learned. Mental health trusts across the country will be left unable to access patient notes for weeks, and possibly months. Oxford Health Foundation Trust has declared a critical incident over the outage, which is believed to affect dozens of trusts, and has told staff it is putting emergency plans in place. One NHS trust chief said the situation could possibly last for “months” with several mental health trusts, and there was concern among leaders that the problem is not being prioritised. In an email to staff, Oxford Health Foundation Trust chief executive Nick Broughton, said: “The cyber attack targeted systems used to refer patients for care, including ambulances being dispatched, out-of-hours appointment bookings, triage, out-of-hours care, emergency prescriptions and safety alerts. It also targeted the finance system used by the Trust." The NHS director said: “The whole thing is down. It’s really alarming…we’re carrying a lot of risk as a result of it because you can’t get records and details of assessments, prescribing, key observations, medical mental health act observations. You can’t see any of it…Staff are going to have to write everything down and input it later.” They added: “There is increased risk to patients. We’re finding hard to discharge people, for example to housing providers, because we can’t access records.” Read full story Source: The Independent, 11 August 2022
  12. News Article
    Many NHS 111 services are without a crucial IT system for several days, after a cyber attack on a software supplier. Providers had to move to pen-and-paper yesterday, and have been unable to access patient records. Adastra – which is used by 85% of NHS 111 providers – went offline at 7am on Thursday. It was still affected as of Sunday, and staff were told it may not be online for several days. Advanced, which supplies Adastra, confirmed on Friday evening the incident was caused by a cyberattck, but says it managed to limit the damage to a small number of its servers. It was reported on Saturday that the attack is thought to have been by a criminal group trying to extort money — so-called ransomware — rather than an attack by a group linked to a state/government. As well as NHS 111, the system is used by some GP out-of-hours services and has also been marketed to urgent care providers. NHS 111 services have had to use lists of protocols when answering calls and write details down, rather than the software automatically implementing the protocols. One briefing note from commissioners in London, seen by HSJ, described the issue as a “total system outage” for NHS 111, and said “likely delays for patients… will continue throughout the weekend and potentially over next week”. Read full story (paywalled) Source: HSJ, 8 August 2022
  13. News Article
    Medical devices are one major weak point in health care cybersecurity, and both the US Congress and the Food and Drug Administration took steps towards closing that gap this week —Congress with a proposed bill and the FDA with new draft guidelines for device makers on how they should build devices that are less likely to be hacked. Devices like infusion pumps or imaging machines that are connected to the internet can be targets for hacks. Those attacks can siphon off patient data or put their safety directly at risk. Experts consistently find that devices in use today have vulnerabilities that could be exploited by hackers. The new document is still just a draft, and device makers won’t start using it until it’s finalised after another round of feedback. But it includes a few significant changes from the last go-around — including an emphasis on the whole lifecycle of a device and a recommendation that manufacturers include a Software Bill of Materials (SBOM) with all new products that gives users information on the various elements that make up a device. An SBOM makes it easier for users to keep tabs on their devices. If there’s a bug or vulnerability found in a bit of software, for example, a hospital could easily check if their infusion pumps use that specific software. The FDA also put out legislative proposals around medical device cybersecurity, asking asking Congress for more explicit power to make requirements. “The intent is to enable devices to be that much more resilient to withstand the potential for cyber exploits or intrusion,” Schwartz says. Manufacturers should be able to update or patch software problems without hurting the devices’ function, she says. Read full story Source: The Verge, 8 April 2022
  14. Event
    Through multidisciplinary lectures from expert speakers and lively panel discussions, this Royal Society of Medicine conference will look at the current cybersecurity threats facing health and care organisations and examine the progress made by healthcare institutions since 2017 in rising to the challenge of cybersecurity. We will focus on the issues facing the NHS today and the steps that NHS organisations should take to protect themselves. Attendees will learn how cybercriminals and hostile nation-states pose a threat to patient safety and trust. Delegates will hear from NHSX, NHS Digital and key organisations that combat cyber threats daily. They will also hear directly from experts in the field about the steps they are taking to help healthcare organisations to address their issues and concerns. During this event, you will: Current cybersecurity threats faced by healthcare organisations from both cybercriminals and hostile nations. Specific risks due to online working, increasing digitalisation and prevalence of connected medical devices and artificial intelligence (e.g. data provenance). Specific risks due to the use of medical and telehealth devices in the home and community. How the NHS is equipped to deal with current and future threats. Tools and approaches to protect organisations and devices from attack. Register
  15. Content Article
    This blog in the Health Services Journal (HSJ) looks at the risk posed to clinical care by cyberattacks. A recent HSJ webinar in association with Sophos argued cybersecurity should be the business of everyone in the NHS, and looked at how NHS organisations can tackle the issue. Cyberattacks can cause delays and compromise patient safety and are therefore something that all healthcare staff need to consider. Using helpful language to explain the implications of cyberattacks is key to getting involvement right across the spectrum of management and frontline staff, so that it is not seen as 'an IT issue'.
  16. Content Article
    In this article in Inforisk Today, Marianne McGee looks at warnings from patient safety experts and federal authorities around cyberattacks on the public health sector. She looks at emerging trends in the way that cybercriminals target healthcare, recent work to bring down cybercriminal gangs and the impact of ransomware attacks on healthcare systems.
  17. Content Article
    This new book by Professor Harold Thimbleby of Swansea University tells stories of widespread problems with digital healthcare and explores how they can be overcome. "The stories and their resolutions will empower patients, clinical staff and digital developers to help transform digital healthcare to make it safer and more effective."
  18. Content Article
    This document provides the principles, concepts, terms and definitions for health software and health IT systems, key properties of safety, effectiveness and security, across the full life cycle, from concept to decommissioning. It also identifies the transition points in the life cycle where transfers of responsibility occur, and the types of multi-lateral communication that are necessary at these transition points. This document also establishes a coherent concepts and terminology for other standards that address specific aspects of the safety, effectiveness, and security (including privacy) of health software and health IT systems.
  19. Content Article
    Ransomware attacks against healthcare providers are increasing and puts patient safety at risk. Ransomware attacks can severely affect a healthcare provider's ability to provide care to patients (e.g., diversion of emergency vehicles, cancellation of appointments) delay or prevent a facility's ability
  20. Content Article
    The world has significantly changed in the past decade and the healthcare sector has changed with it. Many healthcare organisations are now digital and digital tools enable patient safety and care. Electronic health records (EHRs) have replaced paper records. Picture archiving and communication systems have replaced film and light boxes. Computer-implemented or enabled hardware and software have replaced the mechanical systems of yesterday. In some instances, virtual visits have replaced in-person visits. And patients can transmit information about their health status and condition in real time to their clinicians via various software applications and devices. As a result of our digital transformation, electronic data is the lifeblood of the healthcare organisation. Electronic data, in the healthcare context, must be kept confidential, integrity must be preserved, and it must be made available on demand wherever and whenever it is needed. But if electronic data is not appropriately protected, clinical care and the business of healthcare can grind to a halt. This is why ransomware has been a significant concern for many healthcare organisations, as Lee Kim, Director Privacy and Security, HIMSS, explains in this article.
  21. Content Article
    In this month's Letter from America, Lorri Zipperer discusses cautions and capabilities associated with healthcare technologies. Letter from America is a Patient Safety Learning blog series highlighting new accomplishments and patient safety challenges in the United States. This is Lorri's last blog in the series and we'd like to thank Lorri for sharing her insights with us over the last 12 months. Read here all the Letter from America blogs
  22. Content Article
    Large-scale organisational disruptions threaten patient safety. This essay from Lisa Croke in the AORN Journal shares privacy, physical space operation and medical device function concerns that could result from cyberattacks.
  23. Content Article
    An overview of the industry study by MxD and IAAE between February and June 2021 funded by FDA Office of Counterterrorism and Emerging Threats. The aim of the study was to gain an initial baseline to deepen FDA’s understanding of the factors that impact a manufacturer’s decision to invest in and adopt digital technologies by illuminating both perceived and demonstrated barriers from technical, business, and regulatory perspectives, and related cybersecurity considerations.
  24. Content Article
    We are NHS Digital’s Clinical Safety team and I’d like to tell you more about who we are, what we do and why we do it. 
  25. Content Article
    On a day to day basis, the NHS Digital Clinical Safety team are involved in several wide-ranging and very different projects. As you know, clinical safety should be part of everything the NHS do. Every project, every programme, every deployment. Clinical safety should be considered, understood and implemented to the highest calibre. So as you can imagine, we are a busy team. For those manufacturers with systems in use, we deal with live incidents, upgrades, further geographical or functionality deployments. For those creating new systems we are supporting them in their clinical risk management process, running hazard workshops, creating hazard logs and writing the supporting documentation.  We are constantly reviewing and peer reviewing, assessing compliance and marking against the standard requirements. We assist suppliers and health organisations to self-audit their compliance against the standards so they may improve their clinical safety position.  We are assessing new and emerging apps and mobile health solutions to ensure they are going through the same standard of assessment as the traditional computer-based systems and we are providing representation across the NHS to ensure clinical safety remains paramount to the work being done.  One of the biggest branches of our role is training delivery. We know first-hand the importance of having a team that are educated and confident in clinical risk management.
×
×
  • Create New...