Fraud Fears As Hospital Loses Nearly Thousands of Patients’ Record
According to a report released by the Parliament Street research team, the NHS hospital system suffered from a data breach which resulted in a loss of nearly 10,000 patient records in 2017. The data lost was partly due to the WannaCry Malware crisis. This saw 80 out of 236 trusted hospitals hacked and attacked in England last year.
The alarming results have raised two major concerns:
- The fear of identity theft; in case the stolen records are offered for sale on the dark web and the difficulties doctors will go through in diagnosing patients and prescribing medications based on their records.
- Will worse attacks happen in 2018 and beyond? Even though the UK authorities reacted to the data breach by going after the WannaCry hackers, more attacks have been launched from unknown hackers of which the NHS and other institutions have been affected.
As part of their data collection, the researchers asked hospitals about the number of times their data went missing. Over 9,130 records were discovered to have been stolen. The patients’ records used in the analysis included those that were later found. Out of the 68 trusts in the computer systems of the hospitals, 16 of them confirmed that they had not experienced any kind of data lost. The research findings revealed that the University of Birmingham Hospital recorded the highest number of misplaced patient records with 3,179. Behind them followed the Boston NHS Trust with a loss of 2,163 patient records. The University Hospital Bristol also recorded 1,105 lost patient records.
Wigan and Leigh NHS Foundation Trust lost 426 patient records of data, and the Royal Devon and Exeter NHS Foundation Trust completed the fifth position having lost 425 patient records last year. It is worth noting that West Suffolk NHS Trust had their patients list lost despite the fact that they kept their patients’ data on Cerner Millennium electronic data. This should have given the most resistence to the WannaCry attack.
The total records lost from the report does not provide a complete overview of the situation. It is likely that the lost patient records are more than the numbers provided in the report since the analysis was based on the response of only 69 Hospitals that agreed to cooperate.
The report revealed that 95% of trusts in England take records in handwritten books which are bound to be misplaced and unlikely to have yet been recorded online or part of the hack.
In 2002, the government introduced the National Programme for Information Technology to ensure that patient records were delivered electronically; however, it is likely that the challenges relating to this development have forced the Hospitals to resort to handwritten notes, which also serve as hard copy back ups.
Peter Walsh, chief executive of Action against Medical Accidents said that the move to electronic data storage should be the best option as all NHS service providers will be able to access the same record. However, the system is not reliable enough. He added that the health services remain a target to the cyber-criminals. Therefore, it is always important to take care of the records regardless if the hackers intended to wreak havoc or steal patient records and sell them at cheaper prices on the dark web.
Barry Scott, of the cyber-security firm Centrify, said that the report shows the need for the hospitals to make cyber security a priority. According to him, there is the need for the NHS trusts to safely keep the patients’ records as they make efforts to find a more secure digital record storage.
Based on the data analysis, the researchers made two recommendations:
- Abolish handwritten notes: According to them, most of the data lost was as a result of the hospitals relying on handwritten notes to record data due to its convenience. However, these handwritten notes can lead to security issues and misinterpretation of records leading to the wrong input of data for collation as a result of the style of writing. They suggested that NHS hospitals should use digital means of storing data.
- Patients Identity Protocol should be introduced: The researchers recommended that the introduction of patients’ identity protocol can reduce the high number of data lost recorded each year. According to them, patients should be able to access up-to-date records of their health status, and also be able to access them from other professionals online. As part of this initiative, speech recognition software should also be used so that professionals can capture notes from the consultation in real-time.