Jump to content

Search the hub

Showing results for tags 'Cybersecurity'.

More search options

  • Search By Tags

    Start to type the tag you want to use, then select from the list.

  • Search By Author

Content Type


Forums

  • All
    • Commissioning, service provision and innovation in health and care
    • Coronavirus (COVID-19)
    • Culture
    • Improving patient safety
    • Investigations, risk management and legal issues
    • Leadership for patient safety
    • Organisations linked to patient safety (UK and beyond)
    • Patient engagement
    • Patient safety in health and care
    • Patient Safety Learning
    • Professionalising patient safety
    • Research, data and insight
    • Miscellaneous

Categories

  • Commissioning, service provision and innovation in health and care
    • Commissioning and funding patient safety
    • Digital health and care service provision
    • Health records and plans
    • Innovation programmes in health and care
    • Climate change/sustainability
  • Coronavirus (COVID-19)
    • Blogs
    • Data, research and statistics
    • Frontline insights during the pandemic
    • Good practice and useful resources
    • Guidance
    • Mental health
    • Exit strategies
    • Patient recovery
    • Questions around Government governance
  • Culture
    • Bullying and fear
    • Good practice
    • Occupational health and safety
    • Safety culture programmes
    • Second victim
    • Speak Up Guardians
    • Staff safety
    • Whistle blowing
  • Improving patient safety
    • Clinical governance and audits
    • Design for safety
    • Disasters averted/near misses
    • Equipment and facilities
    • Error traps
    • Health inequalities
    • Human factors (improving human performance in care delivery)
    • Improving systems of care
    • Implementation of improvements
    • International development and humanitarian
    • Patient Safety Alerts
    • Safety stories
    • Stories from the front line
    • Workforce and resources
  • Investigations, risk management and legal issues
    • Investigations and complaints
    • Risk management and legal issues
  • Leadership for patient safety
    • Business case for patient safety
    • Boards
    • Clinical leadership
    • Exec teams
    • Inquiries
    • International reports
    • National/Governmental
    • Patient Safety Commissioner
    • Quality and safety reports
    • Techniques
    • Other
  • Organisations linked to patient safety (UK and beyond)
    • Government and ALB direction and guidance
    • International patient safety
    • Regulators and their regulations
  • Patient engagement
    • Consent and privacy
    • Harmed care patient pathways/post-incident pathways
    • How to engage for patient safety
    • Keeping patients safe
    • Patient-centred care
    • Patient Safety Partners
    • Patient stories
  • Patient safety in health and care
    • Care settings
    • Conditions
    • Diagnosis
    • High risk areas
    • Learning disabilities
    • Medication
    • Mental health
    • Men's health
    • Patient management
    • Social care
    • Transitions of care
    • Women's health
  • Patient Safety Learning
    • Patient Safety Learning campaigns
    • Patient Safety Learning documents
    • Patient Safety Standards
    • 2-minute Tuesdays
    • Patient Safety Learning Annual Conference 2019
    • Patient Safety Learning Annual Conference 2018
    • Patient Safety Learning Awards 2019
    • Patient Safety Learning Interviews
    • Patient Safety Learning webinars
  • Professionalising patient safety
    • Accreditation for patient safety
    • Competency framework
    • Medical students
    • Patient safety standards
    • Training & education
  • Research, data and insight
    • Data and insight
    • Research
  • Miscellaneous

News

  • News

Find results in...

Find results that contain...


Date Created

  • Start
    End

Last updated

  • Start
    End

Filter by number of...

Joined

  • Start

    End

Group

First name

Last name

Country

Join a private group (if appropriate)

About me

Organisation

Role

Found 52 results
  1. News Article
    Hackers behind a London hospital attack recently published records that include personal information about pregnant women, newborns, cancer patients, people suffering from schizophrenia and thousands of others across the UK and Ireland, revealing the breach was far more widespread than authorities have previously indicated. An analysis of the data trove by Bloomberg News found that it contains tens of thousands of medical records on patients from more than 400 public and private hospitals and clinics. Among the records are some 40,000 highly sensitive documents sent by doctors requesting biopsies and blood tests for individual patients in all regions of the UK and some hospitals in Ireland. A breach of the kind faced by Synnovis was inevitable, according to Saif Abed, a former NHS doctor and expert in cybersecurity and public health. “The NHS has some of best patient safety and cybersecurity standards in the world,” Abed said. “They are just immensely poorly enforced.” Abed said that there was a lack of mandatory cybersecurity audits on any contractors providing services to the NHS, which meant those contractors could have substandard cybersecurity practices that could in turn leave the NHS vulnerable. Read full story Source: Bloomberg UK, 26 June 2024
  2. Content Article
    In the wake of reports linking IT flaws to deaths of patients and the recent cyber attack on pathology services in south east London, Chris Fleming in an article for Digital Health calls for radical change to make digital safer and more effective
  3. News Article
    NHS England has confirmed its patient data managed by blood test management organisation Synnovis was stolen in a ransomware attack on 3 June. Qilin, a Russian cyber-criminal group, shared almost 400GB of private information on their darknet site on Thursday night, something they threatened to do in order to extort money from Synnovis. In a statement, NHS England said there is "no evidence" that test results have been published, but that "investigations are ongoing". More than 3,000 hospital and GP appointments were disrupted by the attack. "Patients should continue to attend their appointments unless they have been told otherwise and should access urgent care as they usually would," NHS England said. A sample of the stolen data seen by the BBC includes patient names, dates of birth, NHS numbers and descriptions of blood tests, something cyber security expert Ciaran Martin told the BBC was "one of the most significant and harmful cyber attacks ever in the UK." Read full story Source: BBC News, 24 June 2024
  4. News Article
    Data from a ransomware attack has allegedly been published online weeks after the attack halted operations and tests in major London hospitals, NHS England has said. A Russian group is believed to have carried out the cyber-attack on Synnovis, a private pathology firm that analyses blood tests for Guy’s and St Thomas’ NHS foundation trust (GSTT) and King’s College trust, on 3 June, forcing hospitals in the capital to cancel almost 1,600 operations and outpatient appointments. NHS England said on Friday it had “been made aware that the cyber-criminal group published data last night which they are claiming belongs to Synnovis and was stolen as part of this attack. We know how worrying this development may be for many people. We are taking it very seriously.” In the attack, it is understood hackers from the Russian-based ransomware criminal group Qilin infiltrated Synnovis’s IT system and locked the computer system by encrypting its files to extort a payment for restoring access. The trusts have contracts with Synnovis totalling just under £1.1bn for services that are vital to the smooth running of the NHS. NHS England said an analysis of the data was under way involving the National Cyber Security Centre and other partners to confirm whether the data was taken from Synnovis’s systems and what information it contained. Read full story Source: The Guardian, 21 June 2024
  5. News Article
    Two pathology networks are coming to the aid of a neighbour, still largely paralysed following an unprecedented cyber attack on its IT system earlier this month. HSJ has learned that Australian-owned firm Health Services Laboratories, which operates mainly from two NHS trusts in north London, will take on some of the primary care tests in south-east London while the Synnovis systems, which were taken out by the attack, are down. HSL will take on work from Lambeth and Southwark boroughs, while South West London Pathology, an NHS-run consortium based at St George’s Hospital, will take on similar work for GP practices in Bexley and Bromley. SWLP was able to connect electronically to send results back to 70 surgeries in south east London within three days. HSL confirmed it had been drafted in, but it gave no information on what tests it was performing or where, or how it was assuring itself that services in north London would not suffer as a result. Read full story (paywalled) Source: HSJ, 20 June 2024
  6. News Article
    A heart patient has been left fearing for his health after his life-saving operation was cancelled due to a major cyber attack on London NHS hospitals. Russell Ashley-Smith, 81, is waiting for complex open heart surgery at King’s College Hospital in Denmark Hill, south London, without which he may only have up to two years to live. More than 200 emergency procedures were cancelled due to the ransomware hack earlier this month. Mr Ashley-Smith said: “I understand if I don’t [have the operation] it’s terminal. Doctors said you’ll live for one to two years with declining health and become less and less capable of doing things like walking. “I would become more dependent on my wife, and more dependent on being taken somewhere by car if I wanted to go outside. I would be unable to make music – I play the cello and the piano – all the things I like doing and I don’t want to be a couch potato." As well as operations, thousands of patient hospital appointments had to be cancelled across Guy’s and St Thomas’ Foundation Trust and King’s College University Hospital NHS Foundation Trust due to the cyber attack. The NHS admitted on Friday it would take months for services to recover even once the attack has been resolved, as staff will have to rebook patients for appointments and operations. Read full story Source: The Independent, 19 June 2024
  7. News Article
    London pathology providers are “running too hot” to give enough support the large system hit by a cyber attack last week, HSJ has been told. HSJ has learnt that all the capital’s pathology services have now been approached to help Guy’s and St Thomas’ and King’s College Hospital after the IT systems for their provider Synnovis went down, the pressure on the capital’s labs and technical issues limited what help could be given. But one senior manager told HSJ: “Many trusts are keen to help but their hands are tied. The difficulties are that so many medium-sized NHS labs are already running hot and have not got the capacity." HSJ was told there was significant clinical risk in primary care as well. Routine tests that might have picked up something important are not happening and one manager said: “Patients in primary care include those in nursing homes – blood tests and test for infections can be the only way to work out why a frail patient is deteriorating.” Read full story (paywalled) Source: HSJ, 17 June 2024
  8. News Article
    The NHS supply chain contains “absolutely massive” cybersecurity risks which have not “really been talked about”, an integrated care board and trust chair has warned. Lena Samuels, who is chair of two London trusts and of Hampshire and Isle of Wight Integrated Care Board, said: “We’ve been talking internally about our own organisations but we haven’t really talked about the supply chain and the risks within that – and that is absolutely massive.” Ms Samuels, speaking at the NHS Confed Expo conference yesterday, said many NHS organisations still needed to question: “How do our risk registers capture what our supply chain resilience looks like in terms of cyber protection?” She said NHS organisations also needed to be considering “who on my board is going to ask that question” and “whether they’re going to even think of asking that question”, adding: “There’s so much that we’ve got to think about.” Read full story (paywalled) Source: HSJ, 14 June 2024
  9. News Article
    Patients with cancer and those needing emergency operations were among those who had their treatment cancelled this week due to a major cyberattack on NHS hospitals in London. More than 200 emergency and life-saving operations, including those which should be done within 24 hours, had to be cancelled by Guy’s and St Thomas’ Foundation Trust (GSTT) and King’s College University Hospital NHS Foundation Trust. It is not yet clear how long the disruption will last, however hospitals are concerned they will struggle if it continues for more than a few days. According to a source, Synnovis carries out tens of thousands of tests a day but is unable to do so as it cannot access systems. The Independent revealed: More than a third of procedures and operations have been cancelled, which includes over 3,000 non-surgical appointments and hundreds of patients who have been referred for urgent cancer diagnosis. Mothers waiting to have c-sections have also had their procedures cancelled and hospitals are investigating potential harm. Transplant operations have been cancelled and hospitals have had to reduce the number of people they’re able to book in. Read full story Source: The Independent, 10 June 2024
  10. News Article
    An appeal has been launched for O blood-type donors to book appointments across England after the ransomware attack affecting major London hospitals. NHS Blood and Transplant is appealing for O blood-type donations as this is safe to use for all patients. The cyber-attack means the affected hospitals cannot match patients’ blood at the same frequency as usual. Several London hospitals last week declared a critical incident, cancelled operations and tests, and were unable to carry out blood transfusions after the attack on the pathology firm Synnovis, which Qilin, a Russian group of cybercriminals, is thought to have been behind. Memos to NHS staff at King’s College hospital, Guy’s and St Thomas’ (including the Royal Brompton and the Evelina London Children’s hospital) and primary care services in London said a critical incident had been declared. NHS Blood and Transplant is calling for O-positive and O-negative blood donors to book appointments in one of the 25 NHS blood donor centres in England to boost stocks. The hospitals affected by the cyber-attack cannot match patients’ blood at the same frequency as usual, NHS Blood and Transplant said. For surgeries and procedures requiring blood to take place, hospitals need to use O-type blood as this is safe to use for all patients. Blood has a shelf life of 35 days, so stocks need to be continually replenished, the NHS said. Read full story Source: The Guardian, 10 June 2024
  11. News Article
    Major hospitals in London have declared a critical incident after a cyber attack led to operations being cancelled and patients being diverted elsewhere for care. NHS officials said they were working with the National Cyber Security Centre after the attack on Synnovis, which provides pathology services to large hospitals and GP surgeries in the capital. The company said the ransomware attack has affected all of its IT systems, which has impacted its pathology services. Some procedures and operations have been cancelled or have been redirected to other NHS providers as hospital bosses continue to establish what work can be carried out safely. Synnovis was the victim of a ransomware cyberattack. This has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services. Mark Dollar, Synnovis chief executive Health service leaders said there has been a “significant impact” King’s College Hospital, Guy’s and St Thomas’ – including the Royal Brompton and the Evelina London Children’s Hospital – and GP services in south-east London. A memo to staff said the “critical incident” has had a “major impact” on the delivery of services, with blood transfusions particularly affected. Patients have described last-minute cancellations to operations and blood tests. Read full story Source: The Independent, 4 June 2024
  12. News Article
    A major health system’s pathology IT has been hit by a cyber attack, HSJ understands. A letter sent by Guy’s and St Thomas’ Foundation Trust chief executive last night said his £2.5bn-turnover trust was unable to connect to the servers of Synnovis. The problem is ongoing, and several senior sources told HSJ the system had been the victim of a ransomware attack. One said gaining access to pathology results could take “weeks, not days”. As well as GSTT – the NHS’s largest provider – neighbouring King’s College Hospital FT, which runs several hospitals in the system, and is thought to be affected. Synnovis also provides pathology services for primary care across all six of south east London’s boroughs. The news would make it one of the largest critical NHS systems brought down by a cyber attack. Read full story (paywalled) Source: HSJ, 4 June 2024
  13. News Article
    Healthcare providers are failing to protect the privacy of people living with HIV, the UK’s data watchdog has warned. The Information Commissioner’s Office said it has been forced to hand fines worth thousands to organisations which have released the details of those living with HIV. Speaking with The Independent, Information Commissioner John Edwards, said: “It is a huge problem [within healthcare] and it’s a disproportionate amount of our business. “That’s partly because of the seriousness and the sensitivity of health information, the huge scale of the health sector and very many moving parts, with many opportunities for information to slip out as it moves from one place to another, and frankly, they’re just not doing well enough.” In a warning on Tuesday the watchdog highlighted specific concerns over HIV patients’ data being breached through the use of bulk emails in which staff have not used the blind copy function. The Information Commissioner said: “People living with HIV are being failed across the board when it comes to their privacy and urgent improvements are needed across the UK. We have seen repeated basic failures to keep their personal information safe - mistakes that are clear and easy to avoid." Read full story Source: Independent, 30 April 2024
  14. News Article
    A hacker group is in possession of at least a “small number” of patients’ data following a cyber-attack, NHS Dumfries and Galloway has said. Reports emerged on Wednesday of a post by the group Inc Ransom on its darknet blog, alleging it was in possession of three terabytes of data from NHS Scotland. The post included a “proof pack” of some of the data, which has been confirmed by the board to be genuine. The chief executive of the NHS board, Jeff Ace, said in a statement: “We absolutely deplore the release of confidential patient data as part of this criminal act. “This information has been released by hackers to evidence that this is in their possession. We are continuing to work with Police Scotland, the National Cyber Security Centre, the Scottish government and other agencies in response to this developing situation.” Patients whose data has been leaked will be contacted by the board, he said, while patient-facing services would continue as normal. Read full story Source: The Guardian, 27 March 2024
  15. Content Article
    The use of AI in medical devices, patient screening and other areas of healthcare is increasing. This Medscape article looks at some of the risks associated with the use of AI in healthcare. It outlines the difficulties regulators face in monitoring adaptive systems, the inbuilt bias that can exist in algorithms and cybersecurity and liability issues.
  16. News Article
    At least half of all integrated care systems lack a plan to defend the services they oversee from a cyber attack, HSJ has discovered. Integrated care systems are responsible for bolstering the cyber resilience of the organisations in their area. This includes having a “system-wide plan for maintaining robust cyber security”. However, research by HSJ has found that only ten ICSs would confirm they had such a plan. Twenty-six ICSs admitted they did not have a plan in place, while six systems did not respond to HSJ’s inquiries. See the end of the story for the full list. Of those without a plan, only 10 said they were developing one. NHS England had initially asked each ICS to submit draft cyber security strategies by the end of May, before sending final versions by the end of September but is now thought to be drawing up new timelines. Some regions appear particularly exposed. All four ICSs in the North East and Yorkshire region admitted they did not have a cyber security plan, while no ICS in either the London or South East region could confirm they did. An NHSE spokesman told HSJ it was “vital” that ICSs have “robust plans in place to manage the specific cyber risks in their local areas to protect patient data and systems”. Read full story (paywalled) Source: HSJ, 15 January 2024
  17. Content Article
    In May 2021, the Irish public health service was the target of a cyber-attack. The response by the health service resulted in the widespread removal of access to ICT systems. While services including radiology, diagnostics, maternity and oncology were prioritised for reinstatement, recovery efforts continued for over four months. This study describes the response of health service staff to the loss of ICT systems and the risk mitigation measures introduced to safely continue health services. It also explores the resilience displayed by frontline staff whose rapid and innovative response ensured continuity of safe patient care.
  18. Event
    until
    Developing trust when it comes to the employment of AI-driven healthcare is a complex challenge, and one that’s easy to get wrong. Daniel Morris, Partner at Bevan Brittan, Mahesh Hariharan, Founder and CEO of Zupervise, and Surabhi Srivastava, Commercial VP of Qure.ai, will together explore the importance of trust in AI-driven healthcare, and how effective governance can help build trust between patients & providers. They will discuss topics such as: data provenance; algorithmic transparency; and the role of human oversight in ensuring patient safety and data security. Register
  19. Content Article
    The number of cyberattacks and information system breaches in healthcare has grown steadily, escalating from isolated incidents to widespread targeted and malicious attacks. In 2022, 707 data breeches occurred in the US, exposing more than 51.9 million patient records, according to data from the Department of Health and Human Services (DHHS).  To help healthcare organisations address this growing patient safety concern, The Joint Commission has issued this Sentinel Event Alert that focuses on risks associated with cyberattacks and provides recommendations on how healthcare organizations can prepare to deliver safe patient care in the event of a cyberattack. 
  20. News Article
    Two ambulance trusts have been left without a working electronic patient care record system for a week after a cyber attack affecting its Swedish-based supplier. Staff at South Western Ambulance Service Foundation Trust and South Central Ambulance Service FT have been working on paper since the MobiMed system – supplied by the firm Ortivus – went down last Tuesday. More than 1,700 ambulances and clinical workstations use the system, according to the company. One employee told HSJ some staff were struggling with a paper-based system which meant they had less information on patients. ”We can’t do summary care record searches or see previous call information,” the staff member said. SWASFT sent a message to staff on Friday saying the system was likely to be down “for a prolonged period”. Read full story (paywalled) Source: HSJ, 25 July 2023
  21. News Article
    Following the Advanced cyber attack in August 2022, Phil Huggins has revealed to a Digital Health Rewired audience that the NHS has “seen no clinical impact or significant clinical harm”, after a review to be released in the near future. The national chief information security officer for health and care at NHS England was speaking alongside a panel on the Cyber Security Stage on day two of Digital Health Rewired 2023 in London. Huggins explained that although the impact of the Advanced attack was big on the system, in a clinical sense it was not particularly damaging, despite the fact that client data was confirmed to have been exfiltrated. However, Ayesha Rahim, clinical lead for digital mental health at NHS England and chief medical information officer at Surrey and Borders Partnership Foundation Trust, was also on the panel, and spoke of the huge impact the attack had on staff. “The date 4th August is imprinted in my brain”, Rahim said, which is when the attack first happened and was first reported. She explained that it is “quite difficult to fully convey the chaos this caused”, giving examples of staff having no idea what a patient’s background was and therefore having to do everything “blindfolded”. Rahim said staff could not tell if it was safe to go out on visits to mental health patients due to the lack of data and information on them, and every time a person saw a staff member they were retraumatised having to explain their past over and over, including experiences of sexual abuse. Read full story Source: Digital Health, 15 March 2023
  22. News Article
    The government has failed to meet most of its own deadlines for commitments to improve how the NHS uses data, including developing a cybersecurity strategy, HSJ can reveal. The delays include work to store and analyse patient data more securely, building public trust in the NHS’ use of patient data, and agreeing national strategies on cybersecurity and cloud technology. The strategy and its commitments were published following the Goldacre Review, which called for an overhaul of how NHS patient data is collected, stored and used. It came after the government was forced to indefinitely halt a controversial plan to collect all GP-held patient data in 2021, which resembled the fate of a similar data scheme in 2016. Several data projects have also come under scrutiny from doctors and campaigners in recent years, such as NHS England’s procurement of a new Federated Data Platform and a much-criticised trust’s data-sharing scheme with a credit rating company. Read full story (paywalled) Source: HSJ, 28 February 2023
  23. Content Article
    Hospitals and other medical organisations are being hit by a rising number of cyberattacks; ransomware strikes on healthcare doubled annually between 2016 and 2021, according to a study published in December in the Journal of the American Medical Association. After a cyberattack, hospitals are forced to cancel procedures, reroute patients to other facilities and resort to pen-and-paper record-keeping. In this article, Wall Street Journal reporter James Rundle looks at how cyberattacks and a regulatory push are increasing the pressure on medical device manufacturers to improve the security of their products.
  24. News Article
    The Government is looking to hire a new cyber security chief for the NHS and Department of Health and Social Care (DHSC), at a time of heightened risk of cyber attacks against the health service. The DHSC last month issued a job advert for a “national chief information security officer”, who will sit within the digital policy unit of NHS England’s transformation directorate. It comes at a time when the risk of cyber attacks against the NHS is increasing. Earlier this summer, an attack on an NHS electronic patient record supplier impacted several providers, including a dozen mental health trusts, with some trusts still not having recovered their service fully. Meanwhile, in February, NHSE wrote to trusts to tell them to strengthen their cyber defences in the wake of Russia’s invasion of Ukraine. Read full story (paywalled) Source: HSJ, 18 November 2022
  25. Content Article
    In 2021, cybersecurity attacks on healthcare providers in the US reached an all-time high, with one study indicating that more than 45 million people were affected by these attacks in 2021 – a 32% increase on 2020. This report published by the Office of Senator Mark R Warner outlines the risk to patient safety posed by cyberattacks and proposes ways to improve federal leadership, enhance healthcare providers' preparedness for cyber emergencies and establish minimum cyber hygiene practices for healthcare organisations.
×
×
  • Create New...