Vertical Markets

Breaches in healthcare

by Mark Rowe

Digitisation and improved practices are arguably more important for the healthcare sector than any other. After all, the more efficient the sector is, the greater the patient care it can provide, says Stefan Spendrup, pictured, VP of Sales, Northern and Western Europe at the mobile and IoT device management software company SOTI.

The National Health Service (NHS) is at the beginning of its tech revolution – video conferences are now the norm and the NHS app has already been downloaded more than 22 million times.

Digital transformation is in full swing – SOTI’s A Critical Investment: Taking the Pulse of Technology in Healthcare report found that 77 per cent of IT healthcare professionals have increased the number of tech solutions they use this year, but concerns still exist, specifically around security. In fact, 88pc of IT healthcare professionals are worried about patient information being revealed, lost, accessed, stolen or inadequately backed up, with a further 45pc of UK organisations having experienced a data breach since 2020.

With a duty of care to protect confidential patient records, this is something the industry must be cautious of as it continues its digital journey. Healthcare services must now face the transition to a digitised system by ensuring there is full confidence in the technologies deployed by their organisations. This can only be achieved with full transparency into how the systemic renovation works, as detailed below.

How they happened

A recent report by international law firm RPC revealed that the ransomware attacks handled by the Information Commissioner’s Office (ICO) in the UK increased by 100% during 2021, impacting 45 million people in total. Breaches were rife during the pandemic, including hackers luring people to share personal information via email and text message by posing as the NHS COVID-19 vaccine rollout and hackers creating fake NHS COVID-19 apps. With the frequency of attacks rising exponentially, it is understandable that IT healthcare professionals are worried about patient information being jeopardised.

There are many elements that have led to data breaches occurring internally within the healthcare sector and externally from outside hackers. For example, healthcare organisations in the UK reported that since 2020, 44pc of data breaches have been from outside sources or Distributed Denial of Service (DDoS) ransomware attacks, like the data breach the NHS experienced last year where national and local IT systems of the Health Service Executive (HSE) were struck by a cyberattack.

The impact of the attack meant the hackers had access to patient details, employee records and financial information, leaving hospitals across Ireland without access to electronic records. This left healthcare workers without access to medical equipment, such as monitor scanners which were disabled, meaning appointments were cancelled.

On the other hand, a proportion of attacks happen internally, with 46pc of data leaks since 2020 being planned or accidentally initiated by an employee. This emphasises the importance of ensuring that all employees understand the severity of data breaches and are adequately trained in data protection to prevent detrimental mistakes.

Scaling up

Interconnected devices help healthcare workers improve patient care by collecting data from equipment such as pacemakers and scanners and using it to regulate doses, improve diagnostics and more. While increasing the interconnectivity of devices enables healthcare workers to improve patient care, it does, however, present opportunities for security breaches. More than half of IT professionals believe some of their interconnected devices are not adequately secure.

By increasing digitalisation in the healthcare industry, such as streamlining healthcare processes, electronic record keeping, more frequent app usage and improved security of interconnected devices and patient care services, healthcare workers will have easier access to patient data and know it is secure. This removes the added pressure of feeling responsible for the safety of sensitive patient records maintained by outdated manual and paper entry processes.

Tech within healthcare

Part of the issue with the degree of data protection in the healthcare sector is that organisations are not spending enough money on sufficient data security. Given the obstacles in play, including a lack of funding, rethinking investments may be the difference between the success or failure of healthcare’s future of digitisation and mobility. For example, almost one quarter (23pc) of IT decision-makers believe IT teams are spending too much money on minor issues such as fixing printers rather than focusing on larger, more expensive projects like overcoming backlog appointments and ensuring all devices are effectively protected.

However, when investing in the right data security system, it is about understanding what is best for the organisation and the data that needs to be protected. When protecting healthcare devices, healthcare providers must ensure all technology deployed in their organisation is equipped with an effective Enterprise Mobility Management (EMM) solution. These solutions provide increased visibility, security and management of mobile technologies, with the option for IT professionals to remotely manage any mobile device or IoT endpoint and shut them down during a data breach.


While the risk of a data breach is not slowing down the need and desire for innovation, it may be reducing confidence in new technologies, devices and processes. For example, there is a lack of confidence among patients when sharing their data, ultimately harming the effectiveness of the devices being implemented. Meanwhile, 32pc of global healthcare workers feel they do not have sufficient access to IT support or training apps when IoT/telehealth devices need fixing and are therefore lacking confidence in using new technologies.

With a lack of confidence comes hesitancy, meaning some healthcare providers may go back to old habits like inefficient manual paper processes. With a rise in new integrations and unfamiliar technologies, many IT professionals in the healthcare sector fear a history of catastrophic data breaches will repeat itself. However, there is hope that these technologies instil confidence rather than detract from it and integration becomes more efficient and robust as data breaches become manageable in the healthcare sector.

Related News


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2023 Professional Security Magazine. All rights reserved.